[152386] in North American Network Operators' Group
rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Paul Vixie)
Fri Apr 27 18:06:12 2012
Date: Fri, 27 Apr 2012 22:05:17 +0000
From: Paul Vixie <vixie@isc.org>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
http://tech.slashdot.org/story/12/04/27/2039237/engineers-ponder-easier-fix-to-internet-problem
> "The problem: Border Gateway Protocol (BGP) enables routers to
> communicate about the best path to other networks, but routers don't
> verify the route 'announcements.' When routing problems erupt, 'it's
> very difficult to tell if this is fat fingering on a router or
> malicious
> <http://www.itworld.com/security/272320/engineers-ponder-easier-fix-dangerous-internet-problem>,'
> said Joe Gersch, chief operating officer for Secure64, a company that
> makes Domain Name System (DNS) server software. In a well-known
> incident, Pakistan Telecom made an error with BGP after Pakistan's
> government ordered in 2008 that ISPs block YouTube, which ended up
> knocking Google's service offline
> <http://slashdot.org/story/08/02/25/1322252/pakistan-youtube-block-breaks-the-world>.
> A solution exists, but it's complex, and deployment has been slow. Now
> experts have found an easier way."
this seems late, compared to the various commitments made to rpki in
recent years. is anybody taking it seriously?
