[78407] in North American Network Operators' Group
Re: Heads up: Long AS-sets announced in the next few days
daemon@ATHENA.MIT.EDU (Jeroen Massar)
Thu Mar 3 12:04:03 2005
From: Jeroen Massar <jeroen@unfix.org>
To: Geoff Huston <gih@apnic.net>
Cc: routing-wg@ripe.net, nanog@merit.edu, ris-users@ripe.net
In-Reply-To: <6.0.1.1.2.20050303202606.022c2650@kahuna.telstra.net>
Date: Thu, 03 Mar 2005 18:02:09 +0100
Errors-To: owner-nanog@merit.edu
--=-B03ioFol4n4HCaYK1dGx
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Thu, 2005-03-03 at 20:27 +1100, Geoff Huston wrote:
>>On 2005-03-02, at 19.38, James A. T. Rice wrote:
>>
>> > This seems to suggest that you are just picking ASns at random to
>> > inject into the paths, and that you don't have a set of ASs which you
>> > have the assignees permission to use.
>>
>>Would't this then actually equate to resource hijacking along the lines
>>of prefix hijacking? Who will be the first to hit the RIRs?
>
>Isn't this a case of illustrating how easy it is to tell lies in BGP today=
?=20
>I don't
>see what hitting the RIRs has do to with this. The problem appears to be m=
ore
>basic than that - its just too easy to tell lies in BGP and get the lies=20
>propagated globally.
I am probably telling you what you already know, but for the ones who
don't know it yet:
Secure BGP (S-BGP):
http://www.ir.bbn.com/projects/s-bgp/
http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf
http://www.nwfusion.com/details/6484.html?def
and of course the sister by amongst others Cisco:
Secure Origin BGP (SO-BGP):
http://bgp.potaroo.net/ietf/idref/ draft-ng-sobgp-bgp-extensions/
http://www.nwfusion.com/details/6485.html
http://www.nanog.org/mtg-0306/pdf/alvaro.pdf=20
etc... most people know how to google I guess ;)
Aka BGP with certificates and other nice tricks.
Greets,
Jeroen
--=-B03ioFol4n4HCaYK1dGx
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/
iD8DBQBCJ0MRKaooUjM+fCMRAjxnAKCpUl8IlU2mJavPzqs166GwFD+gJgCfQ4xA
D+KBufUn0u7am/mD6/Gk5ns=
=c4yt
-----END PGP SIGNATURE-----
--=-B03ioFol4n4HCaYK1dGx--
