BGP Security Research Question

• Previous message (by thread): BGP Security Research Question
• Next message (by thread): BGP Security Research Question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Let me disagree - Pakistan Youtube was possible only because their uplink
> provider did NOT implement inbound route filters . As always the weakest
> link is human factor - and no super-duper newest technology is ever to help
> here .

Agreed, the uplink absolutely should have implemented prefix filtering.

However, if the Youtube prefixes had been protected with RPKI, ISPs far
away could have verified the announcements themselves - and would have
found that the Pakistan Telecom originated prefixes were invalid (and
would presumably have found the original Youtube prefixes to be valid).
As least that's how I understand RPKI.

I want *both* prefix filtering and a system like RPKI.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

• Previous message (by thread): BGP Security Research Question
• Next message (by thread): BGP Security Research Question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]