In message <556C8EBC.7080109@netassist.ua>, Max Tulyev writes:
Is there *IN THEIORY* any possibility to make BGP secure enough now?
Yes, RPKI protects from fat fingered people, but NOT protects from people doing hijacks knowlingly.
At the moment because not enough of the net is covered. When you get enough coverage then yes it will protect you because there is no way to get a valid CERT to authenticate the hijack. Even before that RPKI will limit the impact of the hijack by isolating the attack to the networks close to the injection points. Think of this as herd immunity.
The global routing registry really can be the solution, but it automatically gives one authority a power to cut off any network. Imagine how fast it will be used for censorship.
On 01.06.15 16:24, William Herrin wrote:
Interesting story about BGP and security in the Washington Post today:
http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-...
-Bill
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org