North American Network Operators Group

Re: YouTube IP Hijacking

  • From: Steven M. Bellovin
  • Date: Mon Feb 25 03:36:35 2008

On Mon, 25 Feb 2008 01:49:51 -0500 (EST)
Sean Donelan <[email protected]> wrote:

> 
> On Mon, 25 Feb 2008, Steven M. Bellovin wrote:
> > How about state-of-the-art routing security?
> 
> The problem is what is the actual trust model?
> 
> Are you trusting some authority to not be malicious or never make a 
> mistake?
> 
> There are several answers to the malicious problem.
> 
> There are fewer answers to the never-making-a-mistake problem.
> 
> The state of the art routing security proposals let the "trusted"
> securely make mistakes.  At one time or another, I think every router
> vendor, every ASN operator, every RIR, and so on has made a mistake
> at some time.
> 
> Yeah, I know some of those mistakes may have actually been malicious,
> but so far the mistakes have outnumbered the malicious.
> 
> If someone comes up with the anti-mistake routing protocol ...

Right.  Everyone makes mistakes, but not everyone is malicious.  And
the RIRs and the big ISPs are *generally* more clueful than the little
guys and the newcomers.  Note also that secured BGP limits the kinds
of mistakes people can make.  If I have a certificate from my RIR for
192.0.2.0/24, I can neither announce 10.0.0.0/8 nor delegate it to
you, no matter how badly I type.  Secured BGP still strikes me as a net
win.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
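
The constraint described in the message above, as an added example that is not part of the original post and not any secured-BGP implementation: a toy model of resource certificates in which a holder can announce or delegate only address space encompassed by its own certificate. The class and function names and the RIR's 192.0.0.0/16 block are constructed for illustration, and signatures are omitted.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ResourceCert:
    """Constructed stand-in for a resource certificate (signatures omitted)."""
    holder: str
    prefixes: List[str]
    issuer: Optional["ResourceCert"] = None  # None marks the trust anchor


def covers(cert: ResourceCert, prefix: str) -> bool:
    """True if one of the cert's prefixes encompasses `prefix`."""
    p = ipaddress.ip_network(prefix)
    nets = (ipaddress.ip_network(n) for n in cert.prefixes)
    return any(p.version == n.version and p.subnet_of(n) for n in nets)


def chain_valid(cert: ResourceCert) -> bool:
    """Each cert's resources must lie inside its issuer's, up to the anchor."""
    while cert.issuer is not None:
        if not all(covers(cert.issuer, p) for p in cert.prefixes):
            return False
        cert = cert.issuer
    return True


def may_announce(cert: ResourceCert, prefix: str) -> bool:
    """A receiver accepts the origin only if the chain and the prefix check out."""
    return chain_valid(cert) and covers(cert, prefix)


def delegate(cert: ResourceCert, holder: str, prefixes: List[str]) -> ResourceCert:
    """Issue a child cert; refuse prefixes the issuer does not hold."""
    for p in prefixes:
        if not covers(cert, p):
            raise ValueError(f"{cert.holder} does not hold {p}")
    return ResourceCert(holder, list(prefixes), issuer=cert)


# Constructed sample data: the RIR's block is made up for the example.
rir = ResourceCert("RIR", ["192.0.0.0/16"])
me = delegate(rir, "me", ["192.0.2.0/24"])
# Bypassing delegate() models a holder who signs a bad cert anyway.
forged = ResourceCert("you", ["10.0.0.0/8"], issuer=me)
```

The mistake is caught at both ends: `delegate(me, "you", ["10.0.0.0/8"])` raises, and a receiver evaluating `forged` rejects it because the chain no longer nests.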