[180762] in North American Network Operators' Group

Re: Routing Insecurity (Re: BGP in the Washington Post)

daemon@ATHENA.MIT.EDU (Randy Bush)
Wed Jun 10 09:32:52 2015

X-Original-To: nanog@nanog.org
Date: Wed, 10 Jun 2015 06:31:07 -0700
From: Randy Bush <randy@psg.com>
To: Russ White <russw@riw.us>
In-Reply-To: <061c01d0a37f$d24844b0$76d8ce10$@riw.us>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

>> rtfm.  bgpsec key aggregation is at the discretion of the operator.
>> they could use one key to cover 42 ASs.
> 
> I've been reading the presentations and the mailing lists, both of
> which imply you should use one key per router for security reasons.
> I would tend to agree with that assessment, BTW.

folk have different threat models.  yours (and mine) may be
propagation of router compromise.  for others, it might be a subtle
increase in disclosure of router links.  contrary to your original
assertion, the protocol supports both.

randy
