nanog mailing list archives
Re: Routing Insecurity (Re: BGP in the Washington Post)
From: David Mandelberg <david () mandelberg org>
Date: Thu, 04 Jun 2015 23:56:01 -0400
On 06/03/2015 04:27 AM, Roland Dobbins wrote:
(not to mention the enumeration and enhanced DDoS impact of packeting routers doing crypto for their BGP sessions and which aren't protected via iACLs/GTSM).
Could you elaborate on your enumeration and DDoS concerns? If you're concerned about the public finding out exactly how many routers you have because you've published one BGPsec router key per router, you can choose to use the same router key on multiple routers. If you're concerned about all the crypto work overloading a router, the plan (as far as I've heard) is for the routers to do the BGPsec crypto work in the background as a low priority. I.e., incoming signed routes will initially be treated like unsigned routes, and the BGPsec validation will be kicked off in the background. Once the validation is complete, then routing decisions can be made based on the BGPsec validity. -- David Eric Mandelberg / dseomn http://david.mandelberg.org/
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Routing Insecurity (Re: BGP in the Washington Post), (continued)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Tinka (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Ca By (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Andrews (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Denis Fondras (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Dale W. Carder (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Ethan Katz-Bassett (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 03)
- Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 04)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 04)
- Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 09)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)