[88277] in North American Network Operators' Group
Re: So -- what did happen to Panix?
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Fri Jan 27 07:52:08 2006
Date: Fri, 27 Jan 2006 12:51:40 +0000
From: bmanning@vacation.karoshi.com
To: Randy Bush <randy@psg.com>
Cc: Jared Mauch <jared@puck.nether.net>, nanog@nanog.org
In-Reply-To: <17370.5068.959991.196442@roam.psg.com>
Errors-To: owner-nanog@merit.edu
On Fri, Jan 27, 2006 at 04:36:28AM -0800, Randy Bush wrote:
>
> > what I saw by going through the diffs, etc.. that I have
> > available to me is that the prefix was registered to be announced
> > by our customer and hence made it into our automatic IRR filters.
>
> i.e., the 'error' was intended, and followed all process.
>
> so, what i don't see is how any hacks on routing, such as delay,
> history, ... will prevent this while not, at the same time, have
> very undesired effects on those legitimately changing isps.
>
> seems to me that certified validation of prefix ownership and as
> path are the only real way out of these problems that does not
> teach us the 42 reasons we use a *dynamic* protocol.

perhaps you mean certified validation of prefix origin
and path. Ownership of any given prefix is a dicey concept
at best.

as a start, i'd want two things for authentication and integrity
checks: AS P asserts it is the origin of prefix R and prefix R
asserts the true origin AS is P (or Q or some list). Being able
to check these assertions and being assured of the authenticity
and integrity of the answers goes a long way, at least for me.

path validation is something else and a worthwhile goal.

--bill

>
> what am i missing here?
>
> randy
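
The two-way origin check described in the reply above, sketched as an added example that is not part of the original message or of any tool named in the thread. The prefixes and AS numbers are constructed from documentation ranges, the function names are hypothetical, and the code assumes both sets of assertions have already passed an authenticity and integrity check, and that an assertion for a prefix also covers its more-specifics.

```python
import ipaddress

# Constructed sample data (documentation prefixes and ASNs).
# AS side: "AS P asserts it is the origin of prefix R".
AS_ASSERTS = {
    64496: ["192.0.2.0/24"],
    64497: ["198.51.100.0/24", "192.0.2.0/24"],  # also claims 64496's prefix
}
# Prefix side: "prefix R asserts the true origin AS is P (or Q or some list)".
PREFIX_ASSERTS = {
    "192.0.2.0/24": [64496],
    "203.0.113.0/24": [64498],
}


def covers(asserted, announced):
    """True if `announced` equals or is a more-specific of `asserted`."""
    net = ipaddress.ip_network(asserted)
    return net.version == announced.version and announced.subnet_of(net)


def check_origin(prefix, origin_as):
    """Return (as_side, prefix_side, verdict) for one announcement."""
    announced = ipaddress.ip_network(prefix)
    as_side = any(covers(p, announced) for p in AS_ASSERTS.get(origin_as, []))
    # Origin lists from every prefix-side assertion covering the announcement.
    listed = [asns for p, asns in PREFIX_ASSERTS.items() if covers(p, announced)]
    prefix_side = any(origin_as in asns for asns in listed)
    if as_side and prefix_side:
        verdict = "accept"       # both assertions agree
    elif listed and not prefix_side:
        verdict = "reject"       # prefix side names a different origin
    else:
        verdict = "unverified"   # only one side has spoken, or neither
    return as_side, prefix_side, verdict


if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64497),
                     ("198.51.100.0/24", 64497), ("203.0.113.0/24", 64498)]:
        print(pfx, asn, check_origin(pfx, asn))
```

The second sample announcement is the one-sided case: the AS has registered the prefix, so a filter built from AS-side data alone would admit it, while the prefix-side assertion names a different origin.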