[28918] in North American Network Operators' Group


Re: That pesky AS path corruption bug...

daemon@ATHENA.MIT.EDU (John Fraizer)
Wed May 24 00:35:51 2000

Date: Wed, 24 May 2000 00:33:40 -0400 (EDT)
From: John Fraizer <nanog@EnterZone.Net>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
In-Reply-To: <20000523204759.25252.cpmta@c004.sfo.cp.net>
Message-ID: <Pine.LNX.3.96.1000524003204.17089B-100000@Overkill.EnterZone.Net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On 23 May 2000, Sean Donelan wrote:

> 
> On Tue, 23 May 2000, Jeff Haas wrote:
> > The only valid defense against such mucking that I can think of
> > is verifying AS adjacencies against some registry and flagging
> > unknown paths.  This is not a cheap thing to do.  This, however,
> > is far saner than cryptographically signing all routing updates
> > which is one solution I've heard proposed. :-P
> 
> You can cryptographically sign bad information as well as good
> information.  Cryptography is good for detecting alterations, not
> if the information was correct in the first place.
> 

Ahhh... But, if the router is sufficiently confused to be screwing up the
update, it will quite possibly be too confused to successfully sign the
update and it will fail authentication when the peer receives it.

---
John Fraizer
EnterZone, Inc
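
An added example, not part of the original message or of any router's code: it runs the two defenses discussed in the thread side by side, a registry check of AS adjacencies and an authentication tag over the update. The registry contents, the update encoding, the key, and the use of HMAC-SHA256 as a stand-in for a signature scheme are all assumptions; the AS numbers and prefix are documentation values.

```python
import hashlib
import hmac

# Constructed registry of known AS adjacencies (documentation ASNs, RFC 5398).
REGISTRY = {frozenset(p) for p in [(64496, 64497), (64497, 64498), (64498, 64499)]}

def unknown_adjacencies(as_path, registry=REGISTRY):
    """Return the neighbouring AS pairs in as_path that the registry lacks."""
    flagged = []
    for left, right in zip(as_path, as_path[1:]):
        if left == right:  # prepending repeats an AS; not a new adjacency
            continue
        if frozenset((left, right)) not in registry:
            flagged.append((left, right))
    return flagged

def _encode(prefix, as_path):
    # Hypothetical byte encoding of an update, used only for tagging here.
    return (prefix + "|" + " ".join(str(a) for a in as_path)).encode()

def sign_update(key, prefix, as_path):
    """HMAC-SHA256 tag; a stand-in for whatever signature scheme is used."""
    return hmac.new(key, _encode(prefix, as_path), hashlib.sha256).digest()

def assess(key, prefix, as_path, tag):
    """Check integrity and plausibility separately for a received update."""
    return {
        "signature_ok": hmac.compare_digest(sign_update(key, prefix, as_path), tag),
        "unknown_adjacencies": unknown_adjacencies(as_path),
    }

if __name__ == "__main__":
    key = b"constructed-session-key"
    prefix = "192.0.2.0/24"
    good = [64496, 64497, 64498]
    corrupt = [64496, 64499, 64498]  # sender mangled the path before signing
    # Correct path, tagged by the sender: verifies, nothing flagged.
    print(assess(key, prefix, good, sign_update(key, prefix, good)))
    # Sender tags the path it already corrupted: verifies, registry flags it.
    print(assess(key, prefix, corrupt, sign_update(key, prefix, corrupt)))
    # Path altered after tagging: the tag no longer verifies.
    print(assess(key, prefix, corrupt, sign_update(key, prefix, good)))
```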





