[52170] in North American Network Operators' Group
Re: Whitehouse Tackels Cybersecurity
daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Sep 18 11:13:08 2002
Date: Wed, 18 Sep 2002 11:12:34 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <290117f2902e45.2902e45290117f@gmu.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 18 Sep 2002 sgorman1@gmu.edu wrote:
> A little flavor of what I'd alluded to in some of the previous
> threads. Any guesses what the proposal to change both BGP and DNS to
> improve security might entail??
The official document should be posted on WhiteHouse.GOV later today. An
almost final draft copy was leaked on the net yesterday.
http://www.infowarrior.org/draftstrategy.pdf
DNSSEC and S-BGP have been mentioned as possible solutions. Technically
some of the proposals are very elegant. However, we have to be careful
about introducing more complexity into the system than necessary. Over
the last year we've seen several errors in the implementation several
security protocols. I don't believe security people are any better
programmers than application people. What I worry about more is we are
developing extremely secure, and complex methods for protecting garbage.
Garbage-In, Garbage-Out.
