Re: Heads up: Long AS-sets announced in the next few days

[Jeroen Massar <jeroen () unfix org>]

On Thu, 2005-03-03 at 20:27 +1100, Geoff Huston wrote:
> > On 2005-03-02, at 19.38, James A. T. Rice wrote:
> >
> > > This seems to suggest that you are just picking ASns at random to
> > > inject into the paths, and that you don't have a set of ASs which you
> > > have the assignees permission to use.
> >
> > Would't this then actually equate to resource hijacking along the lines
> > of prefix hijacking? Who will be the first to hit the RIRs?
>
> Isn't this a case of illustrating how easy it is to tell lies in BGP today? 
> I don't
> see what hitting the RIRs has do to with this. The problem appears to be more
> basic than that - its just too easy to tell lies in BGP and get the lies 
> propagated globally.

I am probably telling you what you already know, but for the ones who
don't know it yet:

Secure BGP (S-BGP):
http://www.ir.bbn.com/projects/s-bgp/
http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf
http://www.nwfusion.com/details/6484.html?def

and of course the sister by amongst others Cisco:

Secure Origin BGP (SO-BGP):
http://bgp.potaroo.net/ietf/idref/ draft-ng-sobgp-bgp-extensions/
http://www.nwfusion.com/details/6485.html
http://www.nanog.org/mtg-0306/pdf/alvaro.pdf 

etc... most people know how to google I guess ;)

Aka BGP with certificates and other nice tricks.

Greets,
 Jeroen

Attachment: signature.asc
Description: This is a digitally signed message part