On Wed, Aug 31, 2011 at 12:56 PM, Denis Spirin <noc@link-telecom.net> wrote: (snip)
So, no one is protected from IP network stealing. And no one cares. If Internap or its uplinks were more clever and more insistent, we really had a chance to lose our networks forever.
Denis, I think you handled it pretty well from your end.
I am definitely sure we need to find and implement some practice to prevent IP hijacking. I dug through a lot of things about secure routing, PKI signing and so on; there are no working solutions now, nor will there be in the near future.
As has been referred to in this thread a few times already, there's been a long recent discussion on BGPSEC+RPKI in RIPE's address-policy working group. Because big red "remove-it" buttons inevitably lead to things like http://www.guardian.co.uk/world/2011/aug/30/pakistan-bans-encryption-softwar... : "Recently the regulator made it impossible for Pakistanis to access the website of Rolling Stone magazine, after it published an article on the high proportion of the national budget in Pakistan that goes on its military."
But it is possible to negotiate and arrange a formal (administrative) best practice for resolving and preventing such issues. Are there any ideas?
I offer: Keep records, talk to people, keep domain names. Network with people, use GPG (perhaps even put fingerprint on business card?), and so on. With the latest incarnation of utter failure of the CA trust model/design for websites, there seems to be renewed energy into providing alternative ways to model (distributed) trust. It looks to me like we're moving towards a multi-source based trust system more and more ( http://perspectives-project.org/ , http://convergence.io/ ). I guess something similar will happen with BGP data (it's suggested to be one of several metrics in convergence), or they may just end up being pretty much the same system. *This* is the general path forward for a robust future Internet...
Best regards,
Martin