[152400] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Matthias Waehlisch)
Sat Apr 28 04:55:40 2012
Date: Sat, 28 Apr 2012 10:55:08 +0200
From: Matthias Waehlisch <waehlisch@ieee.org>
To: Paul Vixie <vixie@isc.org>
In-Reply-To: <4F9B181D.30606@isc.org>
X-HTW-DELIVERED-TO: nanog@nanog.org
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
line 408 ff. in the IETF 83 SIDR minutes
* http://www.ietf.org/proceedings/83/minutes/minutes-83-sidr.txt
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehlisch@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-hamburg.de .. http://www.link-lab.net
On Fri, 27 Apr 2012, Paul Vixie wrote:
> http://tech.slashdot.org/story/12/04/27/2039237/engineers-ponder-easier-fix-to-internet-problem
>
> > "The problem: Border Gateway Protocol (BGP) enables routers to
> > communicate about the best path to other networks, but routers don't
> > verify the route 'announcements.' When routing problems erupt, 'it's
> > very difficult to tell if this is fat fingering on a router or
> > malicious
> > <http://www.itworld.com/security/272320/engineers-ponder-easier-fix-dangerous-internet-problem>,'
> > said Joe Gersch, chief operating officer for Secure64, a company that
> > makes Domain Name System (DNS) server software. In a well-known
> > incident, Pakistan Telecom made an error with BGP after Pakistan's
> > government ordered in 2008 that ISPs block YouTube, which ended up
> > knocking Google's service offline
> > <http://slashdot.org/story/08/02/25/1322252/pakistan-youtube-block-breaks-the-world>.
> > A solution exists, but it's complex, and deployment has been slow. Now
> > experts have found an easier way."
>
> this seems late, compared to the various commitments made to rpki in
> recent years. is anybody taking it seriously?
>
>
