Re: China ’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’ s BGP Hijacking

[Blake Hudson <blake () ispn net>]

Harley H wrote on 10/26/2018 8:52 AM:
> Curious to hear others' thoughts on this.
> https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1050&context=mca
>
> This paper presents the view that several BGP hijacks performed by 
> China Telecom had malicious intent. The incidents are:
> * Canada to Korea - 2016
> * US to Italy - Oct 2016
> * Scandinavia to Japan - April-May 2017
> * Italy to Thailand - April-July 2017
>
> The authors claim this is enabled by China Telecom's presence in North 
> America.
Not sure I agree with the author's argument of having Access Reciprocity 
between nations/governments (both as a technical solution or on 
political principle). Moving towards an ecosystem where prefix 
advertisements and AS paths are validated to prevent both accidental and 
intentional hijacks is probably a better solution to improve 
availability, integrity, and confidentiality. Encrypting traffic so 
that, even if it does go through a hostile network, it remains 
confidential and the integrity is validated is also probably a better 
solution than the proposed access reciprocity. With the number of 
players involved, neither of these will be short term changes. But, over 
time, we seem to be moving in that direction already.