Routing Insecurity (Re: BGP in the Washington Post)
Russ White
russw at riw.us
Wed Jun 10 13:44:14 UTC 2015
> folk have different threat models. yours (and mine) may be propagation of
> router compromise. for others, it might be a subtle increase in
disclosure of
> router links. contrary to your original assertion, the protocol supports
both.
The increased disclosure is not "subtle." The alternate -- deploying a new
key to every eBGP speaker in your network while the security of all your
routes is compromised, isn't so "subtle" either. It's a bad tradeoff in
either direction -- typical of solutions that ask the wrong questions in the
first place.
Russ
More information about the NANOG
mailing list