On Mon, Jun 1, 2015 at 6:24 AM, William Herrin <bill@herrin.us> wrote:
Interesting story about BGP and security in the Washington Post today:
http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-...
-Bill
The article left me with the feeling that there was a secure version of BGP that is available but network operators are too short-term-focused and foolish to deploy it. I believe the situation is more complicated than that, no? There is no "secure version of BGP". There are a handful of things that help, like RPKI ... but they are far off from hitting the mark of "securing the internet"... not too mention the ARIN RPKI SNAFU with various lawyers that make RPKI impossible for a large part of the internet. CB PS. All my ipv4 and ipv6 routes are RPKI signed, but I can't validate because Cisco does not think validation within a VRF is an IOS-XR worthy features PPS. It does blow my mind that the internet works so well given that its security relies on the good faith and reputation of a few network janitors and plumbers
-- William Herrin ................ herrin@dirtside.com bill@herrin.us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>