
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hello Amir,<br>

    </p>

    <div class="moz-cite-prefix">On 5/18/19 1:08 PM, Amir Herzberg

      wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div dir="ltr">

        <div>This discussion is very interesting, I didn't know about

          this problem, it has implications to our work on routing

          security, thanks!</div>

      </div>

    </blockquote>

    <p>Your welcome..., since long time ago I wanted to expose our

      findings in English.<br>

    </p>

    <p><br>

    </p>

    <blockquote type="cite"

cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">

      <div dir="ltr">

        <div dir="ltr"><br>

        </div>

        <div dir="ltr">On Sat, May 18, 2019 at 11:37 AM Alejandro Acosta

          <<a href="mailto:alejandroacostaalamo@gmail.com"

            target="_blank" moz-do-not-send="true">alejandroacostaalamo@gmail.com</a>>

          wrote:<br>

        </div>

        <div class="gmail_quote">

          <blockquote class="gmail_quote" style="margin:0px 0px 0px

            0.8ex;border-left:1px solid

            rgb(204,204,204);padding-left:1ex"><br>

               If you learn, let's say, up to /22 (v4), and someone

            hijacks one /21 <br>

            you will learn the legitimate prefix and the hijacked

            prefix. Now, the <br>

            owner of the legitimate prefix wants to defends their routes

            announcing <br>

            /23 or /24, of course those prefixes won't be learnt if they

            are filtered.<br>

          </blockquote>

          <div><br>

          </div>

          <div>I wonder if this really is a consideration to avoid

            filtering small prefixes (e.g. /24):</div>

        </div>

      </div>

    </blockquote>

    <p><br>

    </p>

    <p>My position is exactly the opposite.<br>

    </p>

    <p><br>

    </p>

    <blockquote type="cite"

cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">

      <div dir="ltr">

        <div class="gmail_quote">

          <div><br>

          </div>

          <div>- attackers are quite likely to  do sub-prefix hijacks

            (or say a specific /24), so I'm not sure this `hits'

            defenders more than it `hits' attackers</div>

        </div>

      </div>

    </blockquote>

    <p><br>

    </p>

    <p>Yes, you are right, but anyhow -IMHO- this still better than not

      learning small prefixes at all.<br>

    </p>

    <p><br>

    </p>

    <blockquote type="cite"

cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">

      <div dir="ltr">

        <div class="gmail_quote">

          <div>- I think we're talking only/mostly about small providers

            here, right? as larger providers probably will not have such

            problems of tables exceeding router resources.I expect such

            small providers normally connect thru several tier-2 or so

            providers... if these upper-tier providers get hijacked, the

            fact you've prevented this at the stub/multihome ISP may not

            help much - we showed how this happens with ROV in our NDSS

            paper on it:</div>

          <div><a

href="https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/are-we-there-yet-rpkis-deployment-and-security/"

              target="_blank" moz-do-not-send="true">https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/are-we-there-yet-rpkis-deployment-and-security/</a> </div>

          <div><br>

          </div>

        </div>

      </div>

    </blockquote>

    <p>You are right here. <br>

    </p>

    <p>Thanks for the link, I will take a look. <br>

    </p>

    <p><br>

    </p>

    <p>Alejandro,<br>

    </p>

    <p><br>

    </p>

    <blockquote type="cite"

cite="mid:CAHBw0M8rFd4KQ8fhtQhLQskONO7E64p=gqocVnXAQn1-pF6DLQ@mail.gmail.com">

      <div dir="ltr">

        <div class="gmail_quote">

          <div> <br>

          </div>

          <div> </div>

          <div style="font-size:12.8px">Amir Herzberg<br>

          </div>

          <div style="font-size:12.8px">Comcast professor for security

            innovation</div>

          <div style="font-size:12.8px">Dept. of Computer Science and

            Engineering, University of Connecticut</div>

          <div style="font-size:12.8px"><br>

            <div>

              <div dir="ltr" style="font-size:small">

                <div style="font-size:12.8px">Foundations of

                  Cybersecurity: <a

href="https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security"

                    target="_blank" moz-do-not-send="true">https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security</a><br>

                </div>

                <br>

              </div>

            </div>

          </div>

          <div><span style="font-size:12.8px">Homepage: </span><a

              href="https://sites.google.com/site/amirherzberg/home"

              style="font-size:12.8px" target="_blank"

              moz-do-not-send="true">https://sites.google.com/site/amirherzberg/home</a>   </div>

        </div>

      </div>

    </blockquote>

  </body>

</html>