nanog mailing list archives
Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
From: Rodney Joffe <rjoffe () centergate com>
Date: Wed, 23 Nov 2005 11:48:51 -0700
On Nov 23, 2005, at 11:09 AM, Randy Bush wrote:
not exactly. there are two trusts here. i have to accept that asns as incompetent at configuration as i are attesting to prefixes and paths or i won't be able to get to a large part of the net. but this is orthogonal to my trust in their competence to attest to the identity of other asns by cross-signing others' certs. i could have a business relationship with an asn whose routing competence i question.What happened to responsibility? Where does it fit in to the issue?responsibility for what?
sorry to be slow/cryptic.My issue is that if ISPs a) only announce networks that they know (for different values of know - but hopefully based on some kind of trust in the RIR's data) they are authorized to announce, and b) took responsibility for the behavior of the paths or prefixes they announce, and the bits that are originated in those paths or prefixes, and took action to stop the bad behavior, the issue of trust paths might not be so critical.
I am not arguing in any way with your views or thoughts related to trust models. I was merely drifting back to the original issue of rogue players in the path, and suggesting that there is an alternative method of mitigating the problems caused by those players that doesn't require protocol work. Ignore the deviation in the thread.
/rlj
Current thread:
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security), (continued)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) william(at)elan.net (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Bill Woodcock (Nov 22)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 24)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Rodney Joffe (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Rodney Joffe (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Andre Oppermann (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven J. Sobol (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven J. Sobol (Nov 22)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 24)
- Re: BGP Security and PKI Hierarchies Valdis . Kletnieks (Nov 25)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 26)
- Re: BGP Security and PKI Hierarchies Michael . Dillon (Nov 25)