BGP Security and PKI Hierarchies (was: Re: Wifi Security)

Sandy Murphy sandy at tislabs.com
Thu Nov 24 00:49:12 UTC 2005


>My issue is that if ISPs a) only announce networks that they know
>(for different values of know - but hopefully based on some kind of
>trust in the RIR's data) they are authorized to announce, and b) took
>responsibility for the behavior of the paths or prefixes they
>announce, and the bits that are originated in those paths or
>prefixes, and took action to stop the bad behavior, the issue of
>trust paths might not be so critical.

Problems with bad routing behavior have been around since the very
earliest days of the Arpanet - I think we'd be mad to rely on that
going away.  (As long as everybody was honest, there'd be no need for
fraud laws and law enforcement and courts.... lost cause, there.)

One of the hoped-for goals of the various security solutions is the
ability to make your own check of what you are being told, so if someone
along the way is less than correct and less than diligent in checking
what they are propagating, you the diligent one can stop the problems.

--Sandy


