nanog mailing list archives
Re: Routing Insecurity (Re: BGP in the Washington Post)
From: David Mandelberg <david () mandelberg org>
Date: Tue, 09 Jun 2015 19:09:45 -0400
On 2015-06-05 02:40, Roland Dobbins wrote:
On 5 Jun 2015, at 10:56, David Mandelberg wrote:Could you elaborate on your enumeration and DDoS concerns?Crypto = more overhead. Less priority to crypto plus DDoS = routing update issues.
I don't think there's an update issue here. The crypto verification is probably going to be deferred in addition to being low priority. If I understand it correctly, this means that a route can be passed along right away without waiting for the crypto checks.
One can infer peering relationships in a way not possible before.
How?
What about bogus signatures?
If I understand correctly, these routes (and all newly received routes) will initially be treated similarly to unsigned routes. Once BGPsec validation completes, then local policy determines what to do with the validation results.
-- David Eric Mandelberg / dseomn http://david.mandelberg.org/
Current thread:
- Re: Routing Insecurity (Re: BGP in the Washington Post), (continued)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Mark Andrews (Jun 01)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Denis Fondras (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Dale W. Carder (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Ethan Katz-Bassett (Jun 02)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 03)
- Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 04)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Roland Dobbins (Jun 04)
- Re: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 09)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Valdis . Kletnieks (Jun 09)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Randy Bush (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 10)
- Re: Routing Insecurity (Re: BGP in the Washington Post) Sandra Murphy (Jun 10)
- RE: Routing Insecurity (Re: BGP in the Washington Post) Russ White (Jun 11)
- RE: Routing Insecurity (Re: BGP in the Washington Post) David Mandelberg (Jun 11)