nanog mailing list archives
Re: Do Not Complicate Routing Security with Voodoo Economics
From: Joe Maimon <jmaimon () ttec com>
Date: Mon, 05 Sep 2011 11:36:17 -0400
Owen DeLong wrote:
On Sep 5, 2011, at 7:24 AM, Jennifer Rexford wrote:One could argue that rejecting routes which you previously had no way to know you should reject will inherently alter the routing system and that this is probably a good thing.Good point. Also, "tie breaking" in favor of signed-and-verified routes over not-signed-and-verified routes does not necessarily affect your traffic "positively or negatively" -- rather, if you are letting an arbitrary final tie break make the decision anyway, you are arguably *neutral* about the outcome... -- JenThis is true in terms of whether you care or not, but, if one just looks at whether it changes the content of the FIB or not, changing which arbitrary tie breaker you use likely changes the contents of the FIB in at least some cases. The key point is that if you are to secure a previously unsecured database such as the routing table, you will inherently be changing the contents of said database, or, your security isn't actually accomplishing anything. Owen
Except if you believe we have been lucky until now and security is all about the future where we may be less lucky.
What I would be interested in seeing is a discussion on whether any anti-competitive market distortion incentives exist for large providers in adopting secured BGP. We might be lucky there too.
Perhaps this will finally help solve the routing slot scalability problem. Might also jumpstart LISP. Which may put some more steam into v6. Welcome to the brave new internet.
Good for everyone, right? Are you feeling lucky? Joe
Current thread:
- Re: Do Not Complicate Routing Security with Voodoo Economics, (continued)
- Re: Do Not Complicate Routing Security with Voodoo Economics Michael Schapira (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Randy Bush (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Dobbins, Roland (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Dobbins, Roland (Sep 05)
- Do Not Complicate Routing Security with Voodoo Economics Randy Bush (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Sharon Goldberg (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Leo Bicknell (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Owen DeLong (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Jennifer Rexford (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Owen DeLong (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Joe Maimon (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Owen DeLong (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Nick Feamster (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Sharon Goldberg (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Owen DeLong (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Dobbins, Roland (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Sharon Goldberg (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Michael Schapira (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Alexander Harrowell (Sep 06)
- Re: Do Not Complicate Routing Security with Voodoo Economics Neil J. McRae (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics Valdis . Kletnieks (Sep 05)
- Re: Do Not Complicate Routing Security with Voodoo Economics deleskie (Sep 05)