nanog mailing list archives

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)


From: Randy Bush <randy () psg com>
Date: Wed, 23 Nov 2005 08:54:59 -1000


My issue is that if ISPs  a) only announce networks that they know  
(for different values of know - but hopefully based on some kind of  
trust in the RIR's data) they are authorized to announce, and b) took  
responsibility for the behavior of the paths or prefixes they  
announce, and the bits that are originated in those paths or  
prefixes, and took action to stop the bad behavior, the issue of  
trust paths might not be so critical.

agreed up to the last clause.  but my base concern is not
config problems, but rather intentional attacks on the routing
system.  not to deny that there are config problems, they're
rife and a major pita.  but i suspect that the most egregious
will be dealt with by direct approaches to the security issues,
e.g. ip address ownership, as-path intent, etc.

randy

