nanog mailing list archives
Re: BGP to doom us all
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 28 Feb 2003 20:19:58 -0500
In message <3E5FDFC8.3000208 () whack org>, Bruce Pinsky writes:
> Jim Deleskie wrote:
>> http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
>> Seems the BGP will be the downfall of the internet, the sky is falling the sky is falling
>
> What a crock of crap. Knowing who someone is doesn't stop them from causing intentional or unintentional problems. In fact, authentication is more likely

The problem that sBGP is trying to solve is *authorization*, not identification. Briefly -- and please read the papers and the specs before flaming -- every originating AS would have a certificate chain rooted at their local RIR stating that they own a certain address block. If an ISP SWIPs a block to some customer, that ISP (which owns a certificate from the RIR for the parent block) would sign a certificate granting the subblock to the customer. The customer could then announce it via sBGP. The other part of sBGP is that it provides a chain of signatures of the entire ASpath back to the originator.

Now -- there are clearly lots of issues here, including the fact that the authoritative address ownership data for old allocations is, shall we say, a bit dubious. And the code itself is expensive to run, since it involves a lot of digital signatures and verifications, especially when things are thrashing because of a major backhoe hit. But -- given things like the AS7007 incident, and given the possibility -- probability? -- that it can happen again, can we afford to not do sBGP?

My own opinion is that sophisticated routing attacks are the single biggest threat to the Internet.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
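
The address-authorization check described in the message above, as an added example that is not part of the original post and is not S-BGP code: it walks a delegation chain from the RIR to the announcing AS and rejects forged, altered or out-of-block delegations. Assumptions: the `Cert` record, the function names, the keys and the sample prefixes and AS numbers are constructed, HMAC-SHA256 stands in for the public-key signatures a real certificate would carry, and the AS-path signature chain is not modelled.

```python
import hashlib, hmac, ipaddress
from collections import namedtuple

# Constructed model, not S-BGP's wire format: one delegation of an address block.
Cert = namedtuple("Cert", "issuer subject prefix sig")

def _sign(key, issuer, subject, prefix):
    # HMAC-SHA256 stands in for the issuer's public-key signature (assumption).
    return hmac.new(key, f"{issuer}|{subject}|{prefix}".encode(), hashlib.sha256).digest()

def issue(keys, issuer, subject, prefix):
    """Issuer grants `prefix` to `subject` (the ISP signing a SWIPed subblock)."""
    return Cert(issuer, subject, prefix, _sign(keys[issuer], issuer, subject, prefix))

def authorized(chain, keys, root, origin, announced):
    """True if `origin` may announce `announced` under `chain` (root-issued cert first)."""
    holder, block = root, None
    for c in chain:
        if c.issuer != holder or c.issuer not in keys:
            return False                       # not signed by the current holder
        if not hmac.compare_digest(c.sig, _sign(keys[c.issuer], *c[:3])):
            return False                       # altered or forged delegation
        net = ipaddress.ip_network(c.prefix)
        if block is not None and not net.subnet_of(block):
            return False                       # issuer delegated space it does not hold
        holder, block = c.subject, net
    if block is None or holder != origin:
        return False                           # chain does not end at the announcing AS
    # The announcement must fall inside the block the origin was granted.
    return ipaddress.ip_network(announced).subnet_of(block)

# Constructed sample: documentation prefixes and reserved AS numbers.
KEYS = {"RIR": b"rir-key", "AS64500": b"isp-key", "AS64511": b"customer-key"}
CHAIN = [issue(KEYS, "RIR", "AS64500", "198.51.100.0/24"),
         issue(KEYS, "AS64500", "AS64511", "198.51.100.128/25")]

if __name__ == "__main__":
    print(authorized(CHAIN, KEYS, "RIR", "AS64511", "198.51.100.128/25"))  # customer's own block
    print(authorized(CHAIN, KEYS, "RIR", "AS64511", "198.51.100.0/24"))    # ISP's parent block
```

Knowing which AS sent the announcement does not change either result; only the chain of delegations does, which is the authorization-versus-identification distinction the message draws.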