![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Global Blackhole Service
From: Randy Bush <randy () psg com>
Date: Sat, 14 Feb 2009 06:41:50 +0900
eventually, the rpki will give you the first half, authentication of the owner of the ip space. this leaves, as smb hinted, securing the request path from the black-hole requestor to the service and of the service to the users. smb:
You can't do this without authoritative knowledge of exactly who owns any prefix; you also have to be able to authenticate the request to blackhole it. Those two points are *hard*.
randy
Current thread:
- Re: Global Blackhole Service, (continued)
- Re: Global Blackhole Service Patrick W. Gilmore (Feb 14)
- Re: Global Blackhole Service Michael Thomas (Feb 15)
- Re: Global Blackhole Service Marshall Eubanks (Feb 15)
- cogent issues John Martinez (Feb 15)
- Re: cogent issues Michal Krsek (Feb 16)
- Re: cogent issues neal rauhauser (Feb 16)
- Re: cogent issues Marshall Eubanks (Feb 16)
- Re: cogent issues Ran Liebermann (Feb 16)
- Re: Global Blackhole Service Matthew Moyle-Croft (Feb 14)
- Re: Global Blackhole Service Randy Bush (Feb 13)
- RE: Global Blackhole Service Barry Raveendran Greene (Feb 13)
- Re: Global Blackhole Service Suresh Ramasubramanian (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 13)
- Re: Global Blackhole Service Jack Bates (Feb 13)
- Re: Global Blackhole Service Paul Vixie (Feb 13)
- Re: Global Blackhole Service Chris Jester (Feb 13)