[133331] in North American Network Operators' Group
Re: NWW: Fix to Chinese Internet traffic hijack due in January
daemon@ATHENA.MIT.EDU (Bill Woodcock)
Wed Dec 8 13:24:00 2010
From: Bill Woodcock <woody@pch.net>
In-Reply-To: <20101208181303.GY9434@leitl.org>
Date: Wed, 8 Dec 2010 10:23:46 -0800
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-234--7185563
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
On Dec 8, 2010, at 10:13 AM, Eugen Leitl wrote:
> =
http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=3D/news/2010/1=
20710-chinese-internet-traffic-fix.html&pagename=3D/news/2010/120710-chine=
se-internet-traffic-fix.html&pageurl=3Dhttp://www.networkworld.com/news/20=
10/120710-chinese-internet-traffic-fix.html&site=3Dprintpage&nsdr=3Dn
> Fix to Chinese Internet traffic hijack due in January
FWIW, I was fairly unhappy with how PCH was portrayed in the article... =
That was the product of a very long interview, and we certainly didn't =
suggest that the Prefix Sanity Checker was an _alternative_ to RPKI. I =
very much think routing security is a critical issue, the Prefix Sanity =
Checker was a baby-step in that direction, which will help some people =
some of the time; tools that perform a cryptographic verification of =
RADb-style origin and transitive-path assertions are the obvious next =
step, and I'd very much like to see them developed. It does seem to me, =
and a lot of people who've talked with me about it, however, that using =
existing cryptographic methods on top of existing routing-policy =
methods, would get us further, faster, than trying to cook up some whole =
new single-purpose protocol from scratch. That was the essence of the =
interview I gave, and I don't think that message made it through into =
the finished article very obviously.
-Bill
--Apple-Mail-234--7185563
content-type: application/pgp-signature; x-mac-type=70674453;
name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkz/zTIACgkQGvQy4xTRsBEyHQCgmDHWZho/iRYljCT9px4rtFnI
LqkAn0ENgkvzqPw16LeGTt33dbucPhPc
=KT1g
-----END PGP SIGNATURE-----
--Apple-Mail-234--7185563--
