On Dec 8, 2010, at 10:13 AM, Eugen Leitl wrote:
http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/120710-chinese-internet-traffic-fix.html&pagename=/news/2010/120710-chinese-internet-traffic-fix.html&pageurl=http://www.networkworld.com/news/2010/120710-chinese-internet-traffic-fix.html&site=printpage&nsdr=n Fix to Chinese Internet traffic hijack due in January
FWIW, I was fairly unhappy with how PCH was portrayed in the article... That was the product of a very long interview, and we certainly didn't suggest that the Prefix Sanity Checker was an _alternative_ to RPKI. I very much think routing security is a critical issue, the Prefix Sanity Checker was a baby-step in that direction, which will help some people some of the time; tools that perform a cryptographic verification of RADb-style origin and transitive-path assertions are the obvious next step, and I'd very much like to see them developed. It does seem to me, and a lot of people who've talked with me about it, however, that using existing cryptographic methods on top of existing routing-policy methods, would get us further, faster, than trying to cook up some whole new single-purpose protocol from scratch. That was the essence of the interview I gave, and I don't think that message made it through into the finished article very obviously. -Bill