nanog mailing list archives

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)


From: Sandy Murphy <sandy () tislabs com>
Date: Wed, 23 Nov 2005 19:49:12 -0500 (EST)


My issue is that if ISPs a) only announce networks that they know
(for different values of know - but hopefully based on some kind of
trust in the RIR's data) they are authorized to announce, and b) took
responsibility for the behavior of the paths or prefixes they
announce, and the bits that are originated in those paths or
prefixes, and took action to stop the bad behavior, the issue of
trust paths might not be so critical.

Problems with bad routing behavior have been around since the very
earliest days of the Arpanet - I think we'd be mad to rely on that
going away.  (As long as everybody was honest, there'd be no need for
fraud laws and law enforcement and courts.... lost cause, there.)

One of the hoped-for goals of the various security solutions is the
ability to make your own check of what you are being told, so if someone
along the way is less than correct and less than diligent in checking
what they are propagating, you the diligent one can stop the problems.

--Sandy

