This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ris-users@ripe.net/
Heads up: Long AS-sets announced in the next few days
- Previous message (by thread): Heads up: Long AS-sets announced in the next few days
- Next message (by thread): Heads up: Long AS-sets announced in the next few days
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Geoff Huston
gih at apnic.net
Thu Mar 3 19:42:54 CET 2005
At 04:02 AM 4/03/2005, Jeroen Massar wrote: >On Thu, 2005-03-03 at 20:27 +1100, Geoff Huston wrote: > >>On 2005-03-02, at 19.38, James A. T. Rice wrote: > >> > >> > This seems to suggest that you are just picking ASns at random to > >> > inject into the paths, and that you don't have a set of ASs which you > >> > have the assignees permission to use. > >> > >>Would't this then actually equate to resource hijacking along the lines > >>of prefix hijacking? Who will be the first to hit the RIRs? > > > >Isn't this a case of illustrating how easy it is to tell lies in BGP today? > >I don't > >see what hitting the RIRs has do to with this. The problem appears to be > more > >basic than that - its just too easy to tell lies in BGP and get the lies > >propagated globally. > >I am probably telling you what you already know, but for the ones who >don't know it yet: > >Secure BGP (S-BGP): >http://www.ir.bbn.com/projects/s-bgp/ >http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf >http://www.nwfusion.com/details/6484.html?def > >and of course the sister by amongst others Cisco: > >Secure Origin BGP (SO-BGP): >http://bgp.potaroo.net/ietf/idref/ draft-ng-sobgp-bgp-extensions/ >http://www.nwfusion.com/details/6485.html >http://www.nanog.org/mtg-0306/pdf/alvaro.pdf precisely - I think we've now managed to reach a common understanding that looking for "lies" in BGP is a difficult and expensive task and more often than not the "lies" get through anyway. The approaches above clearly flag what is intended to be "truth", with the inference that what is not clearly traceable back to originating attestations is a potential lie. We really should be moving in this direction now! Geoff
- Previous message (by thread): Heads up: Long AS-sets announced in the next few days
- Next message (by thread): Heads up: Long AS-sets announced in the next few days
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]