On 3 Jun 2015, at 9:04, Ethan Katz-Bassett wrote:
The same folks also followed up that workshop paper with a longer paper on the topic: https://www.cs.bu.edu/~goldbe/papers/sigRPKI.pdf
Thanks to you and to Dale Carter - I was unaware of these papers. Nonetheless, the risk remains of authorities interfering with the BGP as they've interfered with the DNS. I'm very cognizant of the non-trivial effects of route-hijacking, having been involved in helping get a few of them resolved. Nonetheless, my natural skepticism leads me to wonder whether we aren't better off with the problematic, error-prone system we have (not to mention the enumeration and enhanced DDoS impact of packeting routers doing crypto for their BGP sessions and which aren't protected via iACLs/GTSM). ----------------------------------- Roland Dobbins <rdobbins@arbor.net>