nanog mailing list archives

Re: the problems being solved -- or not


From: Tony Li <tony.li () tony li>
Date: Tue, 24 May 2005 22:20:54 -0700




Pekka,

First of all, if you are assuming that NO ISPs make use of prefix
filters, then you would be incorrect.  There are those that try very
hard to make use of such filters.  However, we do not have 100%
deployment of those filters.

Since we will never see 100% deployment of such filters, we will
continue to have mistakes or attacks floating around within the routing
system.  For the ISPs that are sufficiently concerned, it would be very
nice if they could have an automated mechanism that could authenticate
the information that they've received via BGP.  Not all ISPs will enable
this mechanism either, but some will, and they and their customers will
gain some advantage by doing so.

Just because this mechanism will never see 100% deployment is not a
reason to discard the remainder of the benefit that can be had.

And managing the certificates, processing them, ...., would be
significantly easier?

Yes, since more of this can be reasonably automated in a general way,
rather than a set of ad hoc hacks.

Tony


