[191474] in North American Network Operators' Group
Re: "Defensive" BGP hijacking?
daemon@ATHENA.MIT.EDU (Mel Beckman)
Fri Sep 16 12:06:58 2016
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Doug Montgomery <dougm.work@gmail.com>
Date: Fri, 16 Sep 2016 16:06:19 +0000
In-Reply-To: <CAMaMmnncHU9k9gd1VFHb3Ab1uVuFfKYY5R8JtmaD0VgeJUz_nA@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Doug,
Although RPKI is voluntary and decisions are local, those decisions are also automated. DNS is voluntary, and decisions are local as well, yet the government has been able to leverage DNS to unilaterally seize domain names without due process. Like Maxwell's Demons, it's theoretically possible for ISPs everywhere to notice government malfeasance and rush to a unified decision to counter it. But in practice this never happens.
Preventing government manhandling needs to be a design goal.
-mel beckman
On Sep 16, 2016, at 8:32 AM, Doug Montgomery <dougm.work@gmail.com> wrote:
Ah, the global system I was referring to was the RPKI as distributed repository of routing information. With consistent properties (data formats, security models, data validation techniques, etc) across all 5 RIRs.
What an ISP does with the RPKI data, in terms of route filtering, is always a local policy decision. Somehow "global enforcement system" sounded like a vision where ISPs don't have a choice of how and where to use the system. Maybe I read too much into the phrasing.
In the end, I think the issue boils down to if the community has the desire and will to address the route hijack issue. If the answer is no, then no further discussion is needed. If the answer is yes, then it is best to discuss and compare real proposals / mechanisms to address the issue at scale.
I am still interested in some detail on the "tyranny implications". We can't address them until we know what they are and how they compare to any other solution that tries to address the same problem.
dougm
On Wed, Sep 14, 2016 at 6:04 PM, Mel Beckman <mel@beckman.org> wrote:
Doug,
I was basing my comments on your statement "If only there were a global system.." However you slice or dice it, the tyranny implications have not yet been addressed. That certainly needs to be in front of any technical idea such as RPKI.
Although I haven't participated in the OT&E, nothing I've read in RFC 6810 talks about these issues. It talks about authentication and transport security, but doesn't talk about the potential for government interference.
-mel beckman
On Sep 14, 2016, at 8:22 AM, Doug Montgomery <dougm.work@gmail.com> wrote:
Mel,
If you are speaking of RPKI based origin validation, I am not sure "automated / global enforcement system" is a useful description. It does provide a consistent means for address holders to declare AS's authorized to announce prefixes, and a means for remote ASs to compare received updates vs such declarations. What the receiving AS does with the validation information is strictly a local policy matter.
Frankly, this is no more a "new automated enforcement system" than IRR-based route filtering has been for 20 years. The only difference is that there is a consistent security model across all 5 RIRs as to who can make such declarations and it is tightly tied to the address allocation business process.
I have seen a lot of FUD about the specter of interference, but not a lot of serious thought / discussion. Having a serious technical discussion of potential risks and mitigations in the system would be useful.
dougm
On Wed, Sep 14, 2016 at 10:51 AM, Mel Beckman <mel@beckman.org> wrote:
Scott and Doug,
The problem with a new automated enforcement system is that it hobbles both agility and innovation. ISPs have enjoyed simple BGP management, entirely self-regulated, for decades. A global enforcement system, besides being dang hard to do correctly, brings the specter of government interference, since such a system could be overtaken by government entities to manhandle free speech.
In my opinion, the community hasn't spent nearly enough time discussing the danger aspect. Being engineers, we focus on technical means, ignoring the fact that we're designing our own guillotine.
-mel beckman
> On Sep 14, 2016, at 12:10 AM, Scott Weeks <surfer@mauigateway.com> wrote:
>
>
>
> --- dougm.work@gmail.com wrote:
> From: Doug Montgomery <dougm.work@gmail.com>
>
> If only there were a global system, with consistent and verifiable security
> properties, to permit address holders to declare the set of AS's authorized
> to announce their prefixes, and routers anywhere on the Internet to
> independently verify the corresponding validity of received announcements.
>
> *cough https://www.nanog.org/meetings/abstract?id=2846 cough*
> ------------------------------------------------
>
>
> Yes, RPKI. That's what I was waiting for. Now we can get to
> a real discussion... ;-)
>
> scott
--
DougM at Work
--
DougM at Work
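
The origin-validation step discussed in this thread (address holders declare which ASes may announce a prefix, the receiving AS compares updates against those declarations, then applies its own policy), as an added example that is not part of the original messages. It follows the validation states of RFC 6811; the ROAs, AS numbers, updates and the two policy tables are constructed for illustration.

```python
import ipaddress

# Constructed sample ROAs (documentation prefixes, private-use ASNs; not real data).
# Each entry: (prefix, maxLength, authorized origin AS)
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Return the RFC 6811 state for one announcement: valid, invalid or not-found."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route is equal to or more specific than it.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match needs the right origin AND a length within maxLength; AS 0 never matches.
        if roa_as != 0 and origin_as == roa_as and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched is invalid; no covering ROA at all is not-found.
    return "invalid" if covered else "not-found"

# Local policy is a separate step: two hypothetical operators act on the
# same validation states in different ways.
POLICY_DROP_INVALID = {"valid": "accept", "not-found": "accept", "invalid": "reject"}
POLICY_LOG_ONLY = {"valid": "accept", "not-found": "accept", "invalid": "accept+log"}

# Constructed received updates: (prefix, origin AS)
UPDATES = [
    ("192.0.2.0/24", 64500),       # matches its ROA
    ("192.0.2.0/24", 64511),       # covered, wrong origin
    ("198.51.100.0/26", 64501),    # right origin, more specific than maxLength 25
    ("198.51.100.128/25", 64501),  # right origin, within maxLength
    ("203.0.113.0/24", 64502),     # no covering ROA
]

def apply_policy(updates, policy):
    """Pair each update with its validation state and the local action taken."""
    results = []
    for prefix, origin in updates:
        state = validate_origin(prefix, origin)
        results.append((prefix, origin, state, policy[state]))
    return results

if __name__ == "__main__":
    for name, policy in (("drop-invalid", POLICY_DROP_INVALID), ("log-only", POLICY_LOG_ONLY)):
        for row in apply_policy(UPDATES, policy):
            print(name, *row)
```
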