rpki vs. secure dns?

Cameron Byrne cb.list6 at gmail.com
Fri Apr 27 17:16:16 CDT 2012


On Apr 27, 2012 3:05 PM, "Paul Vixie" <vixie at isc.org> wrote:
>
>
http://tech.slashdot.org/story/12/04/27/2039237/engineers-ponder-easier-fix-to-internet-problem
>
> > "The problem: Border Gateway Protocol (BGP) enables routers to
> > communicate about the best path to other networks, but routers don't
> > verify the route 'announcements.' When routing problems erupt, 'it's
> > very difficult to tell if this is fat fingering on a router or
> > malicious
> > <
http://www.itworld.com/security/272320/engineers-ponder-easier-fix-dangerous-internet-problem
>,'
> > said Joe Gersch, chief operating officer for Secure64, a company that
> > makes Domain Name System (DNS) server software. In a well-known
> > incident, Pakistan Telecom made an error with BGP after Pakistan's
> > government ordered in 2008 that ISPs block YouTube, which ended up
> > knocking Google's service offline
> > <
http://slashdot.org/story/08/02/25/1322252/pakistan-youtube-block-breaks-the-world
>.
> > A solution exists, but it's complex, and deployment has been slow. Now
> > experts have found an easier way."
>
> this seems late, compared to the various commitments made to rpki in
> recent years. is anybody taking it seriously?
>

Taking what seriously ? The commitments to rpki you speak off ?

Late is a relative term.

It does not matter if the cat is white or black, as long as it cathes the
rat.

CB


More information about the NANOG mailing list