Securing the BGP or controlling it?
Danny McPherson
danny at tcb.net
Mon May 10 22:36:00 UTC 2010
On May 10, 2010, at 2:52 PM, Larry Sheldon wrote:
> At the risk of seeming to be a conspiracy theorist, I am worried that
> with "Central Authority" we might not have "hijacking" but "rerouting
> for inspection and correction".
Building a database (i.e., RPKI) aligned with the Internet number
resource allocation hierarchy attesting to who's authorized to originate
what route announcements and telling you how to configure your routers
are two fundamentally different things.
If that database doesn't exist it's tough to discriminate between
legitimate and malicious or erroneous announcements - irrespective of
how you discriminate. If it does exist, and you use it, anyone that
can rub two packets together is surely going to employ preferences
that first consider organizational and local objectives, then
potentially national, and then some global inputs.
This basically helps people to make more informed decisions, methinks.
-danny
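An added illustration, not part of the original message or of any RPKI software: the database only answers whether an origin is attested (states as in RFC 6811 origin validation), while a separate local policy decides what the router does with that answer. The ROAs, AS numbers, override table and preference values are constructed, hypothetical samples.

```python
import ipaddress

# Constructed sample ROAs: (prefix, max length, authorized origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def origin_state(prefix, origin_as, roas=ROAS):
    """What the database attests: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but no match means invalid; no covering ROA means unknown.
    return "invalid" if covered else "not-found"

# Hypothetical local policy, kept apart from the database on purpose:
# operator overrides are consulted first, the attestation second.
LOCAL_OVERRIDES = {("192.0.2.0/24", 64511): 200}
STATE_PREF = {"valid": 120, "not-found": 100, "invalid": None}  # None = reject

def local_pref(prefix, origin_as, overrides=LOCAL_OVERRIDES):
    """What this network chooses to do: a local preference, or None to reject."""
    key = (str(ipaddress.ip_network(prefix)), origin_as)
    if key in overrides:
        return overrides[key]
    return STATE_PREF[origin_state(prefix, origin_as)]

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64511),
                        ("192.0.2.0/25", 64500), ("203.0.113.0/24", 64502)]:
        print(prefix, asn, origin_state(prefix, asn), local_pref(prefix, asn))
```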