[52174] in North American Network Operators' Group
Re: Whitehouse Tackels Cybersecurity
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Wed Sep 18 13:32:24 2002
Date: Wed, 18 Sep 2002 19:31:41 +0200 (CEST)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: <nanog@merit.edu>
In-Reply-To: <20020918155946.BB3917B68@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 18 Sep 2002, Steven M. Bellovin wrote:
> See http://www.whitehouse.gov/pcipb/
Wow, we should all start using out of band management. Anyone think it is
feasible to do management of an IP network exclusively out of band?
And BGP should be more secure. What is the problem we should be trying to
fix here? There is a "Secure BGP" draft:
http://www.ir.bbn.com/projects/sbgp/draft-clynn-s-bgp-protocol-00a.txt
Implementing this may make BGP very secure, but it will make the internet
as a whole much less reliable because routing will no longer be a function
that can be performed autonomously by routers, but something that's tied
into a global (public key) infrastructure. An infrastructure that depends
on routing to work... Hello circularity.
I read solutions (well, avenues for possible solutions) without a good
indication of what the problem is. (That goes for both the Secure
Cyberspace and S-BGP drafts.)
