nanog mailing list archives

Re: Routing Insecurity (Re: BGP in the Washington Post)

From: David Mandelberg <david () mandelberg org>
Date: Tue, 09 Jun 2015 19:09:45 -0400

On 2015-06-05 02:40, Roland Dobbins wrote:

On 5 Jun 2015, at 10:56, David Mandelberg wrote:

Could you elaborate on your enumeration and DDoS concerns?


Crypto = more overhead.  Less priority to crypto plus DDoS = routing
update issues.

I don't think there's an update issue here. The crypto verification isprobably going to be deferred in addition to being low priority. If Iunderstand it correctly, this means that a route can be passed alongright away without waiting for the crypto checks.

One can infer peering relationships in a way not possible before.


How?

What about bogus signatures?

If I understand correctly, these routes (and all newly received routes)will initially be treated similarly to unsigned routes. Once BGPsecvalidation completes, then local policy determines what to do with thevalidation results.


--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/

Current thread:

Re: Routing Insecurity (Re: BGP in the Washington Post), (continued)
- - - Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 01)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Andrews (Jun 01)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 02)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Denis Fondras (Jun 02)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 02)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Dale W. Carder (Jun 02)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Ethan Katz-Bassett (Jun 02)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 03)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 04)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 04)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 09)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
    - Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 11)
    - RE: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 11)

(Thread continues...)