Routing Insecurity (Re: BGP in the Washington Post)

Roland Dobbins rdobbins at arbor.net
Wed Jun 3 08:27:51 UTC 2015


On 3 Jun 2015, at 9:04, Ethan Katz-Bassett wrote:

> The same folks also followed up that workshop paper with a longer 
> paper on
> the topic:
> https://www.cs.bu.edu/~goldbe/papers/sigRPKI.pdf

Thanks to you and to Dale Carter - I was unaware of these papers.

Nonetheless, the risk remains of authorities interfering with the BGP as 
they've interfered with the DNS.

I'm very cognizant of the non-trivial effects of route-hijacking, having 
been involved in helping get a few of them resolved.  Nonetheless, my 
natural skepticism leads me to wonder whether we aren't better off with 
the problematic, error-prone system we have (not to mention the 
enumeration and enhanced DDoS impact of packeting routers doing crypto 
for their BGP sessions and which aren't protected via iACLs/GTSM).

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>



More information about the NANOG mailing list