|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: Shane Amante <shane@castlepoint.net> In-Reply-To: <m2aa47ohys.wl%randy@psg.com> Date: Fri, 24 Feb 2012 23:28:15 -0700 To: Randy Bush <randy@psg.com> Cc: North American Network Operators' Group <nanog@nanog.org> Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org On Feb 24, 2012, at 5:49 PM, Randy Bush wrote: >> Solving for route leaks is /the/ "killer app" for BGPSEC. >=20 > as would be solving world hunger, war, bad cooking, especially bad > cooking. >=20 > route leaks, as much as i understand them > o are indeed bad ops issues > o are not security per se > o are a violation of business relationshiops > o and 20 years of fighting them have not given us any significant > increase in understanding, formal definition, or prevention. >=20 > i would love to see progress on the route leak problem. i do not > confuddle it with security. So, it is not OK for traffic to be /intentionally/ diverted through a = malevolent AS, but it is OK for traffic to be /unintentionally/ diverted = through a (possibly) malevolent AS? Who's to judge the security = exposure[1] of the latter is not identical (or, worse) than the former? -shane [1] dropped traffic, traffic analysis, etc.=20=
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |