|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: LoA (Letter of Authorization) for Prefix Filter Modification?
> On Tue, 16 Sep 2008, Christian Koch wrote: > > I dont mind, i think it is another good step towards 'good filtering' > > but...i think the PITA part is > > downstream 'clueless' customers, who may need an explanation on prefix > > hijacking and the state > > of the internet today, and that these are all just combined efforts to > > minimize the risk of accepting allocations > > that don't belong to you. > > IMO, it's just an illusion of added security and is really just CYA for > the provider. When I fax TWTelecom an LOA that a customer faxed to me, > how does TWTelecom verify the authenticity of that LOA? I doubt they try. > I suspect it's just filed, and will only be pulled out if the > advertisement is challenged by some 3rd party. How do you verify the authenticity of anything? This is a common problem in the Real World, and is hardly limited to LoA's. How do you prove that what was on Pages 1 to (N-1) of an N page contract contained the words you think they said? I knew a guy, back in the early days, who habitually changed the SLA's in his contracts so that he could cancel a contract for virtually no reason at all ... the folly of mailing around contracts as .doc files in e-mail. But even failing that, it's pretty trivial to reprint a document, so where do you stop, do you use special paper, special ink, watermarking of documents, initial each page, all of the above, etc? Look at what people are willing to go through with paper checks to increase the chances of authenticity. Google Abagnale. The real world already has ways of dealing with fraud and forgery, and while the paper is certainly CYA for the provider, it does provide an actual trail back that can probably be followed to some party. To refer to it as an "illusion" is only vaguely true. It is an illusion in that it will not prevent all cases of hijacking. Of course. However, it is another step that makes it significantly more difficult for someone to just start announcing random bits of IP space. It's just like physical security, in many ways. Given a sufficiently determined attacker, any door can be broken. Wood door? May require only my boot. Steel door? Prybar. Bank vault? Explosives. Etc. The thing is, as you increase the level of protection, the ease of countermeasures typically decreases (I wear my boots almost 100% of the time, I may have a prybar nearby, but I am unlikely to be carrying explosives at any time.) So let's not trivialize improvements such as LoA's which reduce the ease of hijackings, eh. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
|