[180763] in North American Network Operators' Group
RE: Routing Insecurity (Re: BGP in the Washington Post)
daemon@ATHENA.MIT.EDU (Russ White)
Wed Jun 10 09:44:23 2015
X-Original-To: nanog@nanog.org
From: "Russ White" <russw@riw.us>
To: "'Randy Bush'" <randy@psg.com>
In-Reply-To: <m2si9zofl0.wl%randy@psg.com>
Date: Wed, 10 Jun 2015 09:44:14 -0400
Cc: 'North American Network Operators' Group' <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> folk have different threat models. yours (and mine) may be propagation of
> router compromise. for others, it might be a subtle increase in disclosure of
> router links. contrary to your original assertion, the protocol supports
> both.
The increased disclosure is not "subtle." The alternate -- deploying a new
key to every eBGP speaker in your network while the security of all your
routes is compromised -- isn't so "subtle" either. It's a bad tradeoff in
either direction -- typical of solutions that ask the wrong questions in the
first place.
Russ