Heads up: Long AS-sets announced in the next few days

At 04:02 AM 4/03/2005, Jeroen Massar wrote:
>On Thu, 2005-03-03 at 20:27 +1100, Geoff Huston wrote:
> >>On 2005-03-02, at 19.38, James A. T. Rice wrote:
> >>
> >> > This seems to suggest that you are just picking ASns at random to
> >> > inject into the paths, and that you don't have a set of ASs which you
> >> > have the assignees permission to use.
> >>
> >>Would't this then actually equate to resource hijacking along the lines
> >>of prefix hijacking? Who will be the first to hit the RIRs?
> >
> >Isn't this a case of illustrating how easy it is to tell lies in BGP today?
> >I don't
> >see what hitting the RIRs has do to with this. The problem appears to be 
> more
> >basic than that - its just too easy to tell lies in BGP and get the lies
> >propagated globally.
>
>I am probably telling you what you already know, but for the ones who
>don't know it yet:
>
>Secure BGP (S-BGP):
>http://www.ir.bbn.com/projects/s-bgp/
>http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf
>http://www.nwfusion.com/details/6484.html?def
>
>and of course the sister by amongst others Cisco:
>
>Secure Origin BGP (SO-BGP):
>http://bgp.potaroo.net/ietf/idref/ draft-ng-sobgp-bgp-extensions/
>http://www.nwfusion.com/details/6485.html
>http://www.nanog.org/mtg-0306/pdf/alvaro.pdf

precisely - I think we've now managed to reach a common understanding
that looking for "lies" in BGP is a difficult and expensive task and more 
often than
not the "lies" get through anyway. The approaches above clearly flag what is
intended to be "truth", with the inference that what is not clearly traceable
back to originating attestations is a potential lie.  We really should be 
moving in
this direction now!

   Geoff