Securing the BGP or controlling it?

Danny McPherson danny at tcb.net
Mon May 10 17:36:00 CDT 2010


On May 10, 2010, at 2:52 PM, Larry Sheldon wrote:

> At the risk of seeming to be a conspiracy theorist, I am worried that
> with "Central Authority" we might not have "hijacking" but "rerouting
> for inspection and correction".

Building a database (i.e,. RPKI) aligned with the Internet number
resource allocation hierarchy attesting to who's authorized to originate
what route announcements and telling you how to configure your routers
are two fundamentally different things.  

If that database doesn't exist it's tough to discriminate between 
legitimate and malicious or erroneous announcements - irrespective of
how you discriminate.  If it does exist, and you use it, anyone that 
can rub two packets together is surely going to employ preferences 
that first consider organizational and local objectives, then
potentially national, and then some global inputs.  

This basically helps people to make more informed decisions, methinks.

-danny





More information about the NANOG mailing list