Global Blackhole Service

Randy Bush randy at
Fri Feb 13 21:41:50 UTC 2009

eventually, the rpki will give you the first half, authentication
of the owner of the ip space.  this leaves, as smb hinted, securing
the request path from the black-hole requestor to the service and
of the service to the users.

> You can't do this without authoritative knowledge of exactly who
> owns any prefix; you also have to be able to authenticate the
> request to blackhole it.  Those two points are *hard*.


More information about the NANOG mailing list