Global Blackhole Service
Randy Bush
randy at psg.com
Fri Feb 13 21:41:50 UTC 2009
eventually, the rpki will give you the first half, authentication
of the owner of the ip space. this leaves, as smb hinted, securing
the request path from the black-hole requestor to the service and
of the service to the users.
smb:
> You can't do this without authoritative knowledge of exactly who
> owns any prefix; you also have to be able to authenticate the
> request to blackhole it. Those two points are *hard*.
randy
More information about the NANOG
mailing list