nanog mailing list archives

Re: Global Blackhole Service

From: Randy Bush <randy () psg com>
Date: Sat, 14 Feb 2009 06:41:50 +0900

eventually, the rpki will give you the first half, authentication
of the owner of the ip space.  this leaves, as smb hinted, securing
the request path from the black-hole requestor to the service and
of the service to the users.

smb:

You can't do this without authoritative knowledge of exactly who
owns any prefix; you also have to be able to authenticate the
request to blackhole it.  Those two points are *hard*.


randy

Current thread:

Re: Global Blackhole Service, (continued)
- - - Re: Global Blackhole Service Patrick W. Gilmore (Feb 14)
    - Re: Global Blackhole Service Michael Thomas (Feb 15)
    - Re: Global Blackhole Service Marshall Eubanks (Feb 15)
    - cogent issues John Martinez (Feb 15)
    - Re: cogent issues Michal Krsek (Feb 16)
    - Re: cogent issues neal rauhauser (Feb 16)
    - Re: cogent issues Marshall Eubanks (Feb 16)
    - Re: cogent issues Ran Liebermann (Feb 16)
    - Re: Global Blackhole Service Matthew Moyle-Croft (Feb 14)
  - Re: Global Blackhole Service Florian Weimer (Feb 13)
    - Re: Global Blackhole Service Randy Bush (Feb 13)
- Re: Global Blackhole Service Tico (Feb 13)
  - RE: Global Blackhole Service Barry Raveendran Greene (Feb 13)
- Re: Global Blackhole Service John Kristoff (Feb 14)
- Re: Global Blackhole Service Justin Shore (Feb 16)
- Re: Global Blackhole Service Nuno Vieira - nfsi telecom (Feb 13)
  - Re: Global Blackhole Service Suresh Ramasubramanian (Feb 13)
  - Re: Global Blackhole Service Paul Vixie (Feb 13)
    - Re: Global Blackhole Service Jack Bates (Feb 13)
    - Re: Global Blackhole Service Paul Vixie (Feb 13)
    - Re: Global Blackhole Service Chris Jester (Feb 13)

(Thread continues...)