Re: Do Not Complicate Routing Security with Voodoo Economics

[Jennifer Rexford <jrex () CS Princeton EDU>]

> > to me honest, what set me off was
> >
> >    http://transition.fcc.gov/pshs/advisory/csric3/wg-descriptions_v1
> >
> > describing, among others, a routing working group of an fcc
> > "communications security, reliability and interoperability council"
> >
> > i.e. these folk plan to write policy and procedures for operators, not
> > just write publish or perish papers.
>
> apologies.  dorn caught my error
>
> http://transition.fcc.gov/pshs/advisory/csric3/wg-descriptions_v1.pdf

As one of the co-chairs of this working group, I'd like to chime in to clarify the purpose of this group.  Our goal is 
to assemble a group of vendors and operators (not "publish or perish" academics) to discuss and recommend effective 
strategies for incremental deployment of security solutions for BGP (e.g., such as the ongoing RPKI and BGP-SEC work).  
It is not to design new security protocols or to "write policy and procedures for operators" -- that would of course be 
over-reaching and presumptuous.  The goal is specifically to identify strategies for incremental deployment of the 
solutions designed and evaluated by the appropriate technical groups (e.g., IETF working groups).  And, while the 
SIGCOMM paper you mention is an example of such a strategy, it is just one single example -- and is by no means the 
recommendation of a group that is not yet even fully assembled yet.  The working group will debate and discuss a great 
many issues before suggesting any strategies, and those strategies would be the output of the entire working group.

<tongue in cheek> As for "publish or perish" academics, I doubt you'll find that the small set of academics who choose 
to go knee deep into operational issues do so because they are trying to optimize their academic careers... ;) </tongue 
in cheek>

-- Jen