North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: YouTube IP Hijacking

  • From: Steven M. Bellovin
  • Date: Mon Feb 25 03:36:35 2008

On Mon, 25 Feb 2008 01:49:51 -0500 (EST)
Sean Donelan <[email protected]> wrote:

> On Mon, 25 Feb 2008, Steven M. Bellovin wrote:
> > How about state-of-the-art routing security?
> The problem is what is the actual trust model?
> Are you trusting some authority to not be malicious or never make a 
> mistake?
> There are several answers to the malicious problem.
> There are fewer answers to never making a mistake problem.
> The state of the art routing security proposals let the "trusted"
> securely make mistakes.  At one time or another, I think every router
> vendor, every ASN operator, every RIR, and so on has made a mistake
> at some time.
> Yeah, I know some of those mistakes may have actually been malicious,
> but so far the mistakes have outnumbered the malicious.
> If someone comes up with the anti-mistake routing protocol ...

Right.  Everyone makes mistakes, but not everyone is malicious.    And
the RIRs and the big ISPs are *generally* more clueful than the little
guys and the newcomers.  Note also that secured BGP limits the kinds
of mistakes people can make.  If I have a certificate from my RIR for, I can't neither announce nor delegate it to
you, no matter how badly I type.  Secured BGP still strikes me as a net

		--Steve Bellovin,