Re: BGP in the Washngton Post

[Mark Andrews <marka () isc org>]

In message <556C8EBC.7080109 () netassist ua>, Max Tulyev writes:
> Is there *IN THEIORY* any possibility to make BGP secure enough now?
>
> Yes, RPKI protects from fat fingered people, but NOT protects from
> people doing hijacks knowlingly.

At the moment because not enough of the net is covered.  When you
get enough coverage then yes it will protect you because there is
no way to get a valid CERT to authenticate the hijack.

Even before that RPKI will limit the impact of the hijack by isolating
the attack to the networks close to the injection points.  Think
of this as herd immunity.

> The global routing registry really can be the solution, but it
> automatically gives one authority a power to cut off any network.
> Imagine how fast it will be used for censorship.
 
> On 01.06.15 16:24, William Herrin wrote:
> > Interesting story about BGP and security in the Washington Post today:
> >
> > http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
> >
> > -Bill
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org