"Defensive" BGP hijacking?

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): "Defensive" BGP hijacking?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Scott and Doug,

The problem with a new automated enforcement system is that it hobbles both agility and innovation. ISPs have enjoyed simple BGP management, entirely self-regulated, for decades. A global enforcement system, besides being dang hard to do correctly, brings the specter of government interference, since such a system could be overtaken by government entities to manhandle free speech. 

In my opinion, the community hasn't spent nearly enough time discussing the danger aspect. Being engineers, we focus on technical means, ignoring the fact that we're designing our own guillotine. 

 -mel beckman

> On Sep 14, 2016, at 12:10 AM, Scott Weeks <surfer at mauigateway.com> wrote:
> 
> 
> 
> --- dougm.work at gmail.com wrote:
> From: Doug Montgomery <dougm.work at gmail.com>
> 
> If only there were a global system, with consistent and verifiable security
> properties, to permit address holders to declare the set of AS's authorized
> to announce their prefixes, and routers anywhere on the Internet to
> independently verify the corresponding validity of received announcements.
> 
> *cough      https://www.nanog.org/meetings/abstract?id=2846     cough*
> ------------------------------------------------
> 
> 
> Yes, RPKI.  That's what I was waiting for.  Now we can get to
> a real discussion... ;-)
> 
> scott

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): "Defensive" BGP hijacking?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]