[102702] in North American Network Operators' Group
Re: YouTube IP Hijacking
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Feb 25 03:14:46 2008
Date: Mon, 25 Feb 2008 07:45:54 +0000
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.64.0802250140420.28061@clifden.donelan.com>
Errors-To: owner-nanog@merit.edu
On Mon, 25 Feb 2008 01:49:51 -0500 (EST)
Sean Donelan <sean@donelan.com> wrote:
>
> On Mon, 25 Feb 2008, Steven M. Bellovin wrote:
> > How about state-of-the-art routing security?
>
> The problem is what is the actual trust model?
>
> Are you trusting some authority to not be malicious or never make a
> mistake?
>
> There are several answers to the malicious problem.
>
> There are fewer answers to never making a mistake problem.
>
> The state of the art routing security proposals let the "trusted"
> securely make mistakes. At one time or another, I think every router
> vendor, every ASN operator, every RIR, and so on has made a mistake
> at some time.
>
> Yeah, I know some of those mistakes may have actually been malicious,
> but so far the mistakes have outnumbered the malicious.
>
> If someone comes up with the anti-mistake routing protocol ...
Right. Everyone makes mistakes, but not everyone is malicious. And
the RIRs and the big ISPs are *generally* more clueful than the little
guys and the newcomers. Note also that secured BGP limits the kinds
of mistakes people can make. If I have a certificate from my RIR for
192.0.2.0/24, I can't neither announce 10.0.0.0/8 nor delegate it to
you, no matter how badly I type. Secured BGP still strikes me as a net
win.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
