nanog mailing list archives
Re: soBGP deployment
From: Andrew Dul <andrew.dul () quark net>
Date: Sat, 21 May 2005 10:44:47 -0700
At 02:31 PM 5/20/2005 -0400, Christopher Woodfield wrote:
As far as answering the "First Goal" of the article, I really don't see much here that isn't handled today by route registries, except for the TLS certificate stuff. Not sure how much security that adds, practically; how often do people see their route objects jacked by hax0rs?
Unfortunately it doesn't really matter how unlikely or how infrequent people hijack routes. The hijack of one high profile prefix is going to cause a lot of damage, which could number in the multi-millions of dollars. I also don't see routing registries today really providing highly accurate information. Sure most of the time it is pretty good but you really don't know for sure. Yes securing BGP is a lot of work, but I believe something is going to have to happen as time goes on. There is just too much risk for not preventing hijacking of address space. We as operators can decide to secure the network or after some 'incident' occurs a government will mandate something that may not be fully baked and could be a lot more work. Andrew
Current thread:
- soBGP deployment vijay gill (May 19)
- Re: soBGP deployment Christopher Woodfield (May 20)
- Re: soBGP deployment Christopher L. Morrow (May 20)
- Re: soBGP deployment Andrew Dul (May 21)
- Re: soBGP deployment Randy Bush (May 21)
- Re: soBGP deployment Pekka Savola (May 21)
- Re: soBGP deployment Steven M. Bellovin (May 21)
- Re: soBGP deployment Pekka Savola (May 21)
- Re: soBGP deployment Randy Bush (May 21)
- Re: soBGP deployment Russ White (May 21)
- Re: soBGP deployment william(at)elan.net (May 23)
- Re: soBGP deployment Pekka Savola (May 21)
- Re: soBGP deployment Jeroen Massar (May 21)
- Re: soBGP deployment Russ White (May 21)
- Re: soBGP deployment Larry J. Blunk (May 23)
- Re: soBGP deployment Christopher Woodfield (May 20)