nanog mailing list archives
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
From: Danny McPherson <danny () tcb net>
Date: Fri, 20 Jan 2012 09:11:41 -0500
On Jan 20, 2012, at 8:08 AM, Yang Xiang wrote:
> I think network operators are only careless, but not trust-less, so black-hole hijacking is the majority case.

This is aligned with the discussion on route leaks at the proposed interim SIDR meeting just after NANOG. Even with RPKI and BGPSEC fully deployed we still have this vulnerability, which commonly manifests itself today even by accident. RPKI-enabled BGPSEC would give you some assurances that the ASes in the AS_PATH represent the list of ASes through which the NLRI traveled, but nothing about whether it should have traversed those ASes in the first place -- so we still need something somewhere to mitigate that threat.

See this draft for more information:
<http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01>

-danny
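The distinction made in the message above, as an added example that is not part of the original post or of the cited draft: a leaked path can pass a hop-by-hop attestation check and still violate routing policy. Assumptions: the AS numbers are constructed (RFC 5398 documentation range), `SIGNED_HOPS` is a stand-in for BGPSEC signature validation, the relationship table is taken as known out of band, and "leak" is defined here by the common valley-free rule.

```python
# Constructed topology. 64498 originates the prefix and is a customer of 64497.
# 64500 is a multihomed customer of 64497 and 64496; 64496 and 64497 are peers.
C2P, P2C, P2P = "customer-to-provider", "provider-to-customer", "peer-to-peer"

def build_rel(customer_provider, peers):
    """Relationship of the first AS toward the second, for every adjacency."""
    rel = {}
    for cust, prov in customer_provider:
        rel[(cust, prov)] = C2P
        rel[(prov, cust)] = P2C
    for a, b in peers:
        rel[(a, b)] = rel[(b, a)] = P2P
    return rel

def path_attested(as_path, signed_hops):
    """Stand-in for BGPSEC: every (sender, receiver) hop on the path carries a
    valid signature. as_path is in BGP order, newest AS first, origin last."""
    travel = as_path[::-1]
    return all(hop in signed_hops for hop in zip(travel, travel[1:]))

def find_leak(as_path, rel):
    """Return the AS that broke the valley-free rule, or None. Once a route has
    gone provider-to-customer or across a peering, it must only go downhill."""
    travel = as_path[::-1]
    descended = False
    for sender, receiver in zip(travel, travel[1:]):
        kind = rel.get((sender, receiver))
        if kind is None:
            raise KeyError(f"no relationship data for AS{sender} -> AS{receiver}")
        if descended and kind in (C2P, P2P):
            return sender  # re-exported a provider/peer route upward or sideways
        if kind in (P2C, P2P):
            descended = True
    return None

REL = build_rel([(64498, 64497), (64500, 64497), (64500, 64496)], [(64496, 64497)])
# Hops that really happened, so each would verify under path attestation.
SIGNED_HOPS = {(64498, 64497), (64497, 64500), (64500, 64496), (64497, 64496)}
LEAKED = [64496, 64500, 64497, 64498]  # customer 64500 re-exports to provider 64496
LEGIT = [64496, 64497, 64498]          # customer route handed to a peer

if __name__ == "__main__":
    for path in (LEAKED, LEGIT):
        print(path, "attested:", path_attested(path, SIGNED_HOPS),
              "leak at:", find_leak(path, REL))
```

Both paths are fully attested; only the policy check separates them, and it depends on relationship data that neither RPKI nor BGPSEC carries.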