nanog mailing list archives
Re: "Defensive" BGP hijacking?
From: Mel Beckman <mel () beckman org>
Date: Fri, 16 Sep 2016 16:06:19 +0000
Doug, Although RPKI is voluntary and decisions are local, those decisions are also automated. DNS is voluntary, and decisions are local as well, yet the government has been able to leverage DNS to unilaterally seize domain names without due process. Like Maxwell's Demons, it's theoretically possible for ISPs everywhere to notice government malfeasance and rush to a unified decision to counter it. But in practice this never happens. Preventing government manhandling needs to be a design goal. -mel beckman On Sep 16, 2016, at 8:32 AM, Doug Montgomery <dougm.work () gmail com<mailto:dougm.work () gmail com>> wrote: Ah, the global system I was referring to was the RPKI as distributed repository of routing information. With consistent properties (data formats, security models, data validation techniques, etc) across all 5 RIRs. What an ISP does with the RPKI data, interns of route filtering, is always a local policy decision. Somehow "global enforcement system" sounded like a vision where ISPs don't have a choice of how and where to use the system. Maybe I read too much into the phrasing. In the end, I think the issues boils down to if the community has the desire and will to address the route hijack issue. If the answer is no, then no further discussion is needed. If the answer is yes, then it is best to discuss and compare real proposals / mechanisms to address the issue at scale. I am still interested in some detail on the "tyranny implications". We can't address them until we know what they are and how they compare to any other solution that tries to address the same problem. dougm On Wed, Sep 14, 2016 at 6:04 PM, Mel Beckman <mel () beckman org<mailto:mel () beckman org>> wrote: Doug, I was basing my comments on your statement "If only there were a global system.." However you slice or dice it, the tyranny implications have not yet been addressed. That certainly needs to be in front of any technical idea such as RPKI. Although I haven't participated in the OT&E, nothing I've read in RFC 6810 talks about these issues. It talks about authentication and transport security, but doesn't talk about the potential for government interference. -mel beckman On Sep 14, 2016, at 8:22 AM, Doug Montgomery <dougm.work () gmail com<mailto:dougm.work () gmail com>> wrote: Mel, If you are speaking of RPKI based origin validation, I am not sure "automated / global enforcement system" is a useful description. It does provide a consistent means for address holders to declare AS's authorized to announce prefixes, and a means for remote ASs to compare received updates vs such declarations. What the receiving AS does with the validation information is strictly a local policy matter. Frankly, this is no more a "new automated enforcement system" than IRR-based route filtering has been for 20 years. The only difference is that there is a consistent security model across all 5 RIRs as to who can make such declarations and it is tightly tied to the address allocation business process. I have seen a lot of FUD about the specter of interference, but not a lot of serious thought / discussion. Having a serious technical discussion of potential risks and mitigations in the system would be useful. dougm On Wed, Sep 14, 2016 at 10:51 AM, Mel Beckman <mel () beckman org<mailto:mel () beckman org>> wrote: Scott and Doug, The problem with a new automated enforcement system is that it hobbles both agility and innovation. ISPs have enjoyed simple BGP management, entirely self-regulated, for decades. A global enforcement system, besides being dang hard to do correctly, brings the specter of government interference, since such a system could be overtaken by government entities to manhandle free speech. In my opinion, the community hasn't spent nearly enough time discussing the danger aspect. Being engineers, we focus on technical means, ignoring the fact that we're designing our own guillotine. -mel beckman
On Sep 14, 2016, at 12:10 AM, Scott Weeks <surfer () mauigateway com<mailto:surfer () mauigateway com>> wrote: --- dougm.work () gmail com<mailto:dougm.work () gmail com> wrote: From: Doug Montgomery <dougm.work () gmail com<mailto:dougm.work () gmail com>> If only there were a global system, with consistent and verifiable security properties, to permit address holders to declare the set of AS's authorized to announce their prefixes, and routers anywhere on the Internet to independently verify the corresponding validity of received announcements. *cough https://www.nanog.org/meetings/abstract?id=2846 cough* ------------------------------------------------ Yes, RPKI. That's what I was waiting for. Now we can get to a real discussion... ;-) scott
-- DougM at Work -- DougM at Work
Current thread:
- Re: "Defensive" BGP hijacking?, (continued)
- Re: "Defensive" BGP hijacking? Hunter Fuller (Sep 13)
- Re: "Defensive" BGP hijacking? Scott Weeks (Sep 13)
- Re: "Defensive" BGP hijacking? Hugo Slabbert (Sep 13)
- Re: "Defensive" BGP hijacking? Bryant Townsend (Sep 13)
- Re: "Defensive" BGP hijacking? Hugo Slabbert (Sep 13)
- Re: "Defensive" BGP hijacking? Scott Weeks (Sep 13)
- Re: "Defensive" BGP hijacking? Scott Weeks (Sep 14)
- Re: "Defensive" BGP hijacking? Mel Beckman (Sep 14)
- Re: "Defensive" BGP hijacking? Doug Montgomery (Sep 15)
- Re: "Defensive" BGP hijacking? Mel Beckman (Sep 14)
- Re: "Defensive" BGP hijacking? Doug Montgomery (Sep 16)
- Re: "Defensive" BGP hijacking? Mel Beckman (Sep 16)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 18)
- Re: "Defensive" BGP hijacking? Mel Beckman (Sep 14)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 14)
- Re: "Defensive" BGP hijacking? John Curran (Sep 19)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 19)
- Re: "Defensive" BGP hijacking? John Curran (Sep 20)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 20)
- Re: "Defensive" BGP hijacking? John Curran (Sep 20)