In message <CAL9jLaZNRdE0gL4nVn93vhv1BOBtx0EKgJet8pVXa3Mve1Gy_Q@mail.gmail.com>, Christopher Morrow writes:
On Tue, Jun 6, 2017 at 8:26 PM, Mark Andrews <marka@isc.org> wrote:
Now we could continue discussing how easy it is to hijack addresses of we could spend the time addressing the problem. All it takes is a couple of transit providers to no longer accept word-of-mouth and the world will transition overnight.
i don't think any transit providers were used in the previous thread worth of examples/comms... I don't know that IXP folk either: 1) want to be the police of this 2) should actually be the police of this (what is internet abuse? from who's perspective? oh...)
The 'solution' here isn't new though... well, one solution anyway: https://tools.ietf.org/html/rfc6810
You missed the point. We have the mechanisms to prevent hijacking today. We just need to use them and stop using the traditional mechanisms which cannot be mathematically be verified as correct. Getting to that stage requires several companies to simultaneously say "we will no longer accept <list> as valid mechanisms to verify routes announcements. You need to use X or else we won't accept the announcement". Yes, this requires guts to do. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org