14 Feb 2009, 5:45 p.m.
On Feb 14, 2009, at 5:43 PM, Florian Weimer wrote:
> * Steven M. Bellovin:
>
>> As Randy and Valdis have pointed out, if this isn't done very carefully it's an open invitation to a new, very effective DoS technique. You can't do this without authoritative knowledge of exactly who owns any prefix; you also have to be able to authenticate the request to blackhole it. Those two points are *hard*.
>
> If you want to run a public exchange point, you need to solve the same announcement validation problem. Multiple organizations appear to do it successfully, so it can't be that difficult.

No you don't. And yes it is. To be clear, I am not saying it should or should not be done, just that your comparison is invalid.

--
TTFN,
patrick