[144208] in North American Network Operators' Group


Re: Do Not Complicate Routing Security with Voodoo Economics

daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Sep 5 10:57:30 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <D3BB8EEF-584C-4AB6-8CAA-FBE51FC9DB61@cs.princeton.edu>
Date: Mon, 5 Sep 2011 07:53:38 -0700
To: Jennifer Rexford <jrex@cs.princeton.edu>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Sep 5, 2011, at 7:24 AM, Jennifer Rexford wrote:

>> One could argue that rejecting routes which you previously had no way
>> to know you should reject will inherently alter the routing system and
>> that this is probably a good thing.
>
> Good point.  Also, "tie breaking" in favor of signed-and-verified
> routes over not-signed-and-verified routes does not necessarily affect
> your traffic "positively or negatively" -- rather, if you are letting an
> arbitrary final tie break make the decision anyway, you are arguably
> *neutral* about the outcome...
>
> -- Jen

This is true in terms of whether you care or not, but, if one just looks
at whether it changes the content of the FIB or not, changing which
arbitrary tie breaker you use likely changes the contents of the FIB in
at least some cases.

The key point is that if you are to secure a previously unsecured
database such as the routing table, you will inherently be changing the
contents of said database, or, your security isn't actually
accomplishing anything.

Owen


