North American Network Operators Group

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Sandy Murphy
  • Date: Wed Nov 23 19:52:45 2005

>My issue is that if ISPs a) only announce networks that they know
>(for different values of know - but hopefully based on some kind of
>trust in the RIR's data) they are authorized to announce, and b) took
>responsibility for the behavior of the paths or prefixes they
>announce, and the bits that are originated in those paths or
>prefixes, and took action to stop the bad behavior, the issue of
>trust paths might not be so critical.

Problems with bad routing behavior have been around since the very
earliest days of the Arpanet - I think we'd be mad to rely on that
going away.  (As long as everybody was honest, there'd be no need for
fraud laws and law enforcement and courts.... lost cause, there.)

One of the hoped-for goals of the various security solutions is the
ability to make your own check of what you are being told, so if someone
along the way is less than correct and less than diligent in checking
what they are propagating, you the diligent one can stop the problems.