[180431] in North American Network Operators' Group
Re: BGP in the Washngton Post
daemon@ATHENA.MIT.EDU (Mark Andrews)
Tue Jun 2 20:05:21 2015
X-Original-To: nanog@nanog.org
To: Max Tulyev <maxtul@netassist.ua>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Mon, 01 Jun 2015 19:56:28 +0300."
<556C8EBC.7080109@netassist.ua>
Date: Wed, 03 Jun 2015 10:05:12 +1000
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
In message <556C8EBC.7080109@netassist.ua>, Max Tulyev writes:
> Is there *IN THEIORY* any possibility to make BGP secure enough now?
>
> Yes, RPKI protects from fat fingered people, but NOT protects from
> people doing hijacks knowlingly.
At the moment because not enough of the net is covered. When you
get enough coverage then yes it will protect you because there is
no way to get a valid CERT to authenticate the hijack.
Even before that RPKI will limit the impact of the hijack by isolating
the attack to the networks close to the injection points. Think
of this as herd immunity.
> The global routing registry really can be the solution, but it
> automatically gives one authority a power to cut off any network.
> Imagine how fast it will be used for censorship.
> On 01.06.15 16:24, William Herrin wrote:
> > Interesting story about BGP and security in the Washington Post today:
> >
> > http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
> >
> > -Bill
> >
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
