nanog mailing list archives

Re: Do Not Complicate Routing Security with Voodoo Economics


From: Owen DeLong <owen () delong com>
Date: Mon, 5 Sep 2011 07:53:38 -0700


On Sep 5, 2011, at 7:24 AM, Jennifer Rexford wrote:



One could argue that rejecting routes which you previously had no way to
know you should reject will inherently alter the routing system and that this
is probably a good thing.

Good point.  Also, "tie breaking" in favor of signed-and-verified routes over not-signed-and-verified routes does not 
necessarily affect your traffic "positively or negatively" -- rather, if you are letting an arbitrary final tie break 
make the decision anyway, you are arguably *neutral* about the outcome...

-- Jen

This is true in terms of whether you care or not, but, if one just looks at whether it changes the content of the FIB 
or not, changing which arbitrary tie breaker you use likely changes the contents of the FIB in at least some cases.

The key point is that if you are to secure a previously unsecured database such as the routing table, you will 
inherently be changing the contents of said database, or, your security isn't actually accomplishing anything.

Owen


