Global Blackhole Service

Randy Bush randy at psg.com
Fri Feb 13 15:41:50 CST 2009


eventually, the rpki will give you the first half, authentication
of the owner of the ip space.  this leaves, as smb hinted, securing
the request path from the black-hole requestor to the service and
of the service to the users.

smb:
> You can't do this without authoritative knowledge of exactly who
> owns any prefix; you also have to be able to authenticate the
> request to blackhole it.  Those two points are *hard*.

randy




More information about the NANOG mailing list