Securing the BGP or controlling it?

Danny McPherson danny at
Mon May 10 22:36:00 UTC 2010

On May 10, 2010, at 2:52 PM, Larry Sheldon wrote:

> At the risk of seeming to be a conspiracy theorist, I am worried that
> with "Central Authority" we might not have "hijacking" but "rerouting
> for inspection and correction".

Building a database (i.e,. RPKI) aligned with the Internet number
resource allocation hierarchy attesting to who's authorized to originate
what route announcements and telling you how to configure your routers
are two fundamentally different things.  

If that database doesn't exist it's tough to discriminate between 
legitimate and malicious or erroneous announcements - irrespective of
how you discriminate.  If it does exist, and you use it, anyone that 
can rub two packets together is surely going to employ preferences 
that first consider organizational and local objectives, then
potentially national, and then some global inputs.  

This basically helps people to make more informed decisions, methinks.


More information about the NANOG mailing list