[86942] in North American Network Operators' Group

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

daemon@ATHENA.MIT.EDU (Sandy Murphy)
Wed Nov 23 19:52:08 2005

Date: Wed, 23 Nov 2005 19:49:12 -0500 (EST)
From: Sandy Murphy <sandy@tislabs.com>
To: randy@psg.com, rjoffe@centergate.com
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu


>My issue is that if ISPs  a) only announce networks that they know
>(for different values of know - but hopefully based on some kind of
>trust in the RIR's data) they are authorized to announce, and b) took
>responsibility for the behavior of the paths or prefixes they
>announce, and the bits that are originated in those paths or
>prefixes, and took action to stop the bad behavior, the issue of
>trust paths might not be so critical.

Problems with bad routing behavior have been around since the very
earliest days of the Arpanet - I think we'd be mad to rely on that
going away.  (As long as everybody was honest, there'd be no need for
fraud laws and law enforcement and courts.... lost cause, there.)

One of the hoped-for goals of the various security solutions is the
ability to make your own check of what you are being told, so if someone
along the way is less than correct and less than diligent in checking
what they are propagating, you the diligent one can stop the problems.

--Sandy
