nanog mailing list archives
Re: do not filter your customers
From: Nick Hilliard <nick () foobar org>
Date: Fri, 24 Feb 2012 23:16:06 +0000
On 24/02/2012 20:04, Shane Amante wrote:
> Solving for route leaks is /the/ "killer app" for BGPSEC. I can't understand why people keep ignoring this.
I'd be interested to hear your opinions on exactly how rpki in its current implementation would have prevented the optus/telstra problem. Could you elaborate? Here's a quote from draft-ietf-sidr-origin-ops:
As the BGP origin AS of an update is not signed, origin validation is open to malicious spoofing. Therefore, RPKI-based origin validation is designed to deal only with inadvertent mis-advertisement. Origin validation does not address the problem of AS-Path validation. Therefore paths are open to manipulation, either malicious or accidental.
An optus/telstra style problem might have been mitigated by an rpki based full path validation mechanism, but we don't have path validation. Right now, we only have a draft of a list of must-have features - draft-ietf-sidr-bgpsec-reqs. This is only the first step towards designing a functional protocol, not to mind having running code.

Nick
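An added illustration, not part of the message above or of the drafts it cites: a minimal Python sketch of RPKI origin validation as specified in RFC 6811, showing why a leaked route still validates when its origin AS is unchanged. The VRP table, the prefixes (documentation ranges) and the AS numbers (reserved for documentation) are constructed sample data.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max_length, origin_asn).
VRPS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
]

def validate_origin(prefix, as_path, vrps=VRPS):
    """Classify a route as valid / invalid / notfound per RFC 6811.

    Only the rightmost AS of the path (the origin) is compared with the
    VRPs; every other hop in as_path is ignored by this check.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covered = False
    for vrp_net, max_len, vrp_asn in vrps:
        # A VRP "covers" the route if the route prefix lies inside it.
        if net.version != vrp_net.version or not net.subnet_of(vrp_net):
            continue
        covered = True
        # It "matches" if the length is allowed and the origin AS agrees.
        if net.prefixlen <= max_len and origin == vrp_asn:
            return "valid"
    return "invalid" if covered else "notfound"

# Constructed routes as (label, prefix, AS path with the origin last).
ROUTES = [
    ("normal announcement", "192.0.2.0/24", [64496, 64500]),
    ("wrong origin AS", "192.0.2.0/24", [64496, 64510]),
    ("too-specific prefix", "192.0.2.128/25", [64496, 64500]),
    # Leak: AS 64511 re-advertises a route learned from one upstream to
    # another. The path is longer but the origin AS is untouched.
    ("leaked route", "192.0.2.0/24", [64496, 64511, 64497, 64500]),
    ("no covering VRP", "203.0.113.0/24", [64496, 64501]),
]

def classify(routes=ROUTES):
    """Return {label: validation state} for each sample route."""
    return {label: validate_origin(p, path) for label, p, path in routes}

if __name__ == "__main__":
    for label, state in classify().items():
        print(f"{label:22} {state}")
```

The leaked route and the normal announcement receive the same state, because nothing in the check looks at the intermediate hops.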