So -- what did happen to Panix?

Joe Abley jabley at isc.org
Fri Jan 27 15:42:11 UTC 2006



On 27-Jan-2006, at 07:51, bmanning at vacation.karoshi.com wrote:

> 	perhaps you mean certified validation of prefix origin
> 	and path.

In the absense of path valdiation, a method of determining the real  
origin of a prefix is also required, if the goal is to prevent  
intentional hijacking as well as unintentional origination. Simply  
looking at the right-most entry in the AS_PATH doesn't cut it, since  
anybody can "set as-path prepend P".

This suggests to me that either we can't separate origin validation  
from path validation (which sucks the former into the more difficult  
problems associated with the latter), or we need a better measure of  
"origin" (e.g. a PKI and an attribute which carries a signature).


Joe




More information about the NANOG mailing list