"Is BGP safe yet?" test
Saku Ytti
saku at ytti.fi
Tue Apr 21 05:38:38 UTC 2020
On Tue, 21 Apr 2020 at 01:02, Baldur Norddahl <baldur.norddahl at gmail.com> wrote:
> Yes but that makes the hijacked AS path length at least 1 longer which makes it less likely that it can win over the true announcement. It is definitely better than nothing.
The attacker has no incentive to honor the existing AS path; the attacker can
rewrite it as they wish.
Anyhow, I think some people think about RPKI in a way too binary manner:
'because it is not secure, it is not useful'. Yes, AS_PATH
authenticity is an open problem, but this doesn't mean RPKI is
useless. Most of our BGP outages are not malicious, RPKI helps a lot
there and RPKI creates a higher quality database for prefix origin
information than what we have had.
--
++ytti
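
An added illustration, not part of the original message: RFC 6811 route origin validation run over constructed ROA data, showing that only the prefix, its length and the rightmost AS are checked, so accidental mis-originations are rejected while the rest of the AS_PATH goes unverified. The prefixes, AS numbers and route descriptions are constructed from documentation ranges, and AS_PATH is modeled as a flat list without AS_SET segments.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): prefix, maxLength, authorized origin AS.
# All prefixes and AS numbers come from the documentation ranges.
VRPS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    (ipaddress.ip_network("2001:db8::/32"), 48, 64497),
]

def validate_origin(prefix, as_path):
    """RFC 6811 origin validation; as_path is a list of ASNs, origin last."""
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1] if as_path else None
    covered = False
    for vrp_net, max_len, vrp_as in VRPS:
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True  # at least one VRP covers this prefix
        if origin == vrp_as and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

# Constructed announcements: (description, prefix, AS_PATH as received).
ROUTES = [
    ("authorized origin", "192.0.2.0/24", [64500, 64496]),
    ("accidental mis-origination", "192.0.2.0/24", [64500, 64510]),
    ("more specific than maxLength", "192.0.2.128/25", [64500, 64496]),
    # Only the last ASN is compared with the ROA; nothing checks whether
    # AS64496 really sent this path, so the verdict is still "valid".
    ("unverified path, authorized origin", "192.0.2.0/24", [64511, 64496]),
    ("no covering ROA", "198.51.100.0/24", [64500, 64499]),
    ("IPv6 within maxLength", "2001:db8:1::/48", [64500, 64497]),
]

def classify_all():
    return {desc: validate_origin(p, path) for desc, p, path in ROUTES}

if __name__ == "__main__":
    for desc, state in classify_all().items():
        print(f"{state:9}  {desc}")
```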