rpki vs. secure dns?

Paul Vixie vixie at isc.org
Fri Apr 27 17:05:17 CDT 2012


> "The problem: Border Gateway Protocol (BGP) enables routers to
> communicate about the best path to other networks, but routers don't
> verify the route 'announcements.' When routing problems erupt, 'it's
> very difficult to tell if this is fat fingering on a router or
> malicious
> <http://www.itworld.com/security/272320/engineers-ponder-easier-fix-dangerous-internet-problem>,'
> said Joe Gersch, chief operating officer for Secure64, a company that
> makes Domain Name System (DNS) server software. In a well-known
> incident, Pakistan Telecom made an error with BGP after Pakistan's
> government ordered in 2008 that ISPs block YouTube, which ended up
> knocking Google's service offline
> <http://slashdot.org/story/08/02/25/1322252/pakistan-youtube-block-breaks-the-world>.
> A solution exists, but it's complex, and deployment has been slow. Now
> experts have found an easier way."

this seems late, compared to the various commitments made to rpki in
recent years. is anybody taking it seriously?

More information about the NANOG mailing list