nanog mailing list archives
Re: Carriers need to independently verify LOAs
From: Matt Erculiani <merculiani () gmail com>
Date: Mon, 19 Apr 2021 15:01:02 -0600
Nothing is stopping the perpetrator of a BGP hijack as a result of a forged or otherwise illegitimate LOA from facing civil litigation as a result of revenue loss or other harm done. This thread and others like it highlight that there is absolutely some negligence here and could very well find itself in an evidence pile at some point in the future. So there IS liability, but the lack of solid precedent means that the bean counters can't assign a dollar amount to the risk associated with blindly accepting LOAs, and therefore it might as well not exist. Someday, somebody will have the pants sued off them because they let their new customer hijack the hell out of a government entity, bank, oil company, etc. and we'll start to see better processes. -Matt On Mon, Apr 19, 2021 at 11:59 AM Sean Donelan <sean () donelan com> wrote:
On Mon, 19 Apr 2021, Peter Beckman wrote:And while it would be nice if everyone "independently verified every LOA" the cost of doing so in the far-too-many edge cases is business-endingly high.If carriers faced legal liability, with appropriate incentatives, I'd bet they would solve the verification problem -- quickly, cheaply. No liability -- no reason to solve the problem.
-- Matt Erculiani ERCUL-ARIN
Current thread:
- Carriers need to independently verify LOAs Sean Donelan (Apr 19)
- Re: Carriers need to independently verify LOAs Joe Greco (Apr 19)
- Re: Carriers need to independently verify LOAs Peter Beckman (Apr 19)
- Re: Carriers need to independently verify LOAs Sean Donelan (Apr 19)
- Re: Carriers need to independently verify LOAs Matt Erculiani (Apr 19)
- Re: Carriers need to independently verify LOAs Peter Beckman (Apr 19)
- Re: Carriers need to independently verify LOAs Joe Greco (Apr 19)