[126281] in North American Network Operators' Group
Re: Securing the BGP or controlling it?
daemon@ATHENA.MIT.EDU (Danny McPherson)
Mon May 10 18:38:22 2010
From: Danny McPherson <danny@tcb.net>
In-Reply-To: <4BE87212.2090805@cox.net>
Date: Mon, 10 May 2010 16:36:00 -0600
To: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On May 10, 2010, at 2:52 PM, Larry Sheldon wrote:

> At the risk of seeming to be a conspiracy theorist, I am worried that
> with "Central Authority" we might not have "hijacking" but "rerouting
> for inspection and correction".

Building a database (i.e., RPKI) aligned with the Internet number
resource allocation hierarchy attesting to who's authorized to originate
what route announcements and telling you how to configure your routers
are two fundamentally different things.

If that database doesn't exist it's tough to discriminate between
legitimate and malicious or erroneous announcements - irrespective of
how you discriminate. If it does exist, and you use it, anyone that
can rub two packets together is surely going to employ preferences
that first consider organizational and local objectives, then
potentially national, and then some global inputs.

This basically helps people to make more informed decisions, methinks.

-danny
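
The split described in the message above, between what the database attests and what an operator does with it, shown as an added example that is not part of the original post: the origin-validation function follows the RFC 6811 procedure and only returns a state, while the action taken on that state is a separate local policy table. The prefixes and AS numbers are constructed from documentation ranges, and the two policy tables and the `decide` helper are hypothetical.

```python
import ipaddress

# Constructed sample of validated ROA payloads (VRPs):
# (prefix, max prefix length, authorized origin AS). Documentation ranges only.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64498),
]

def validation_state(prefix, origin_as, vrps=VRPS):
    """Classify a route as 'valid', 'invalid' or 'notfound' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # It matches if the route is not too specific and the origin agrees.
        # AS 0 in a VRP never matches any origin.
        if route.prefixlen <= max_len and vrp_as != 0 and vrp_as == origin_as:
            return "valid"
    return "invalid" if covered else "notfound"

# Hypothetical local policies: validation state -> local preference,
# with None meaning "reject". The database does not choose between them.
POLICY_REJECT_INVALID = {"valid": 200, "notfound": 100, "invalid": None}
POLICY_DEPREF_INVALID = {"valid": 200, "notfound": 100, "invalid": 50}

def decide(prefix, origin_as, policy):
    """Apply an operator's own policy to the validation state."""
    state = validation_state(prefix, origin_as)
    return state, policy[state]

if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS)
    for route in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                  ("192.0.2.0/24", 64511), ("203.0.113.0/24", 64499)]:
        print(route, decide(*route, POLICY_REJECT_INVALID),
              decide(*route, POLICY_DEPREF_INVALID))
```
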