[56226] in North American Network Operators' Group
Re: BGP to doom us all
daemon@ATHENA.MIT.EDU (Bruce Pinsky)
Fri Feb 28 17:37:43 2003
Date: Fri, 28 Feb 2003 14:37:11 -0800
From: Bruce Pinsky <bep@whack.org>
Reply-To: bep@whack.org
To: Jim Deleskie <jdeleski@rci.rogers.com>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <6F0C08B425B2D611ABB40003474D42DF740616@rssesnext.rogers.com>
Errors-To: owner-nanog-outgoing@merit.edu
Jim Deleskie wrote:
> Bruce,
>
> I agree, while we all need to 'do the right thing' and only announce what
> we are suppose to, we also need to maintain the right level being paranoid
> to protect the networks we are responsible for.
>
Right. And so while authentication and encryption of routing protocol exchanges
is a necessary future to insure authenticity, it doesn't and won't absolve
providers from the responsiblity of filtering both what they receive and what
they transmit.
And ideally, a goal of tying a route filtering mechanism to the authentication
mechanism (i.e. adding authorization on top of authentication) would
significantly reduce the burden and complexity of maintaining good route filters
and thereby increase the chance that providers will implement them.
==========
bep
