[175833] in North American Network Operators' Group
Re: BGP Security Research Question
daemon@ATHENA.MIT.EDU (Sandra Murphy)
Tue Nov 4 08:57:08 2014
X-Original-To: nanog@nanog.org
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <CAJ8Xm184hP4dcpiy7syP-p_cBaO=mZaV2LQmqnGPyhdZwMNfMg@mail.gmail.com>
Date: Tue, 4 Nov 2014 08:54:58 -0500
To: Yuri Slobodyanyuk <yuri@yurisk.info>
Cc: NANOG list <nanog@nanog.org>, Sandra Murphy <sandy@tislabs.com>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_95AE80AC-94F4-44AD-9233-10EB538DC07E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
On Nov 4, 2014, at 8:45 AM, Yuri Slobodyanyuk <yuri@yurisk.info> wrote:
> Let me disagree - Pakistan Youtube was possible only because their =
uplink
> provider did NOT implement inbound route filters . As always the =
weakest
> link is human factor - and no super-duper newest technology is ever to =
help
> here .
One problem with route filters is that the protection relies on the =
place closest to the problem to detect the leak.
Further on in the network, not as effective.
> As regards to S-bgp/soBGP from technical point of view , wait for the =
day
> when the vulnerability gets published (SSL-heartbleed style) that
> invalidates all this PKI stuff =85
Or the IRRs on which the route filters are built. (No need for =
publication of a vulnerability. See recent msgs about already known =
problems with IRRs.)
--Sandy
--Apple-Mail=_95AE80AC-94F4-44AD-9233-10EB538DC07E
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJUWNqyAAoJEHplpQeet0IZ8gUP/i39CZh3BeeRwSEAgzNlQcC9
Q3sSr/Posa7PL9ZkfiAECCnPa+J7WvgLaBtrTA+gCEU8NemR5nIBveGSwBOUaMJf
iD0gxCEg27tN9kJ2O2ehAGZ1ZGCCm48OyEn/h4uCdcL36yMUghSB6ZWJorM7QFhR
iEDfqZIOdlyjpqqQYHJMMvWbqYMQdcIHZhxC4OnOa7rlriSsxIECm+Eeu0p80KYa
4cU/zRSTuiOIA4n7iP26gjyoiJCe8Yj1gm1wkJ13tpOFDfOI+2uWjpzBBjfRvTqD
nmophu6a3uYa0TboFtiOhKWipXApRJPC7DM/q1PIso02apboSYlQlTQ1McL0M+nH
fwGYEEjQ/b78bqPmW57qYIHE7gS6+/EeOniVKacz2tb9Ol8eSDbaOpRrycG0bKyq
YxS5C6NpE0GGWoFllzp1dEznvmc0hcTJb3FhDPafvmP8+xgeoqO4pUkh9k8qkxmm
XnFQBQlWGDEJIPHwMWslYiZ8fzjHFP+h96+BZnS+ChI8GKz2yYMfU9mV7qHKFUZW
8k4bnNQhpX3zvMGdH/mjd1wCO5PTy6T0OAle2WXB9yAa5KYRXEr58c3PJfSovOIN
aKCLzFUdOXImVeV2rZH/Mq3JyosFDJTN1LcP3kS4/jWF3v8fOXecAZJ1pRLtvXqI
HPVw8/VQUcttOWPsn/AW
=99eV
-----END PGP SIGNATURE-----
--Apple-Mail=_95AE80AC-94F4-44AD-9233-10EB538DC07E--
