do not filter your customers

Shane Amante shane at castlepoint.net
Sat Feb 25 00:28:15 CST 2012


On Feb 24, 2012, at 5:49 PM, Randy Bush wrote:
>> Solving for route leaks is /the/ "killer app" for BGPSEC.
> 
> as would be solving world hunger, war, bad cooking, especially bad
> cooking.
> 
> route leaks, as much as i understand them
>  o are indeed bad ops issues
>  o are not security per se
>  o are a violation of business relationshiops
>  o and 20 years of fighting them have not given us any significant
>    increase in understanding, formal definition, or prevention.
> 
> i would love to see progress on the route leak problem.  i do not
> confuddle it with security.


So, it is not OK for traffic to be /intentionally/ diverted through a malevolent AS, but it is OK for traffic to be /unintentionally/ diverted through a (possibly) malevolent AS?  Who's to judge the security exposure[1] of the latter is not identical (or, worse) than the former?

-shane

[1] dropped traffic, traffic analysis, etc. 


More information about the NANOG mailing list