[80997] in North American Network Operators' Group
Re: soBGP deployment
daemon@ATHENA.MIT.EDU (Randy Bush)
Sat May 21 14:26:38 2005
From: Randy Bush <randy@psg.com>
Date: Sat, 21 May 2005 08:25:54 -1000
To: vijay gill <vijay@umbc.edu>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
> If you are an operator, would you deploy soBGP or something like it? If
> not, why not.
as smb has said for years, routing and dns are the two largest
vulnerabilities.
something like it, for sure. but i vastly prefer the s-bgp
approach as it maps closely to bgp operational reality, and does
not rely on a published policy database, which we have seen fail
for over a decade, etc.
we should learn from the decade-long problems with the deployment
issues in dnssec, and map routing security as closely as possible
to operational protocol and reality.
randy
