At 02:31 PM 5/20/2005 -0400, Christopher Woodfield wrote:
As far as answering the "First Goal" of the article, I really don't see much here that isn't handled today by route registries, except for the TLS certificate stuff. Not sure how much security that adds, practically; how often do people see their route objects jacked by hax0rs?
Unfortunately it doesn't really matter how unlikely or how infrequent people hijack routes. The hijack of one high profile prefix is going to cause a lot of damage, which could number in the multi-millions of dollars. I also don't see routing registries today really providing highly accurate information. Sure most of the time it is pretty good but you really don't know for sure. Yes securing BGP is a lot of work, but I believe something is going to have to happen as time goes on. There is just too much risk for not preventing hijacking of address space. We as operators can decide to secure the network or after some 'incident' occurs a government will mandate something that may not be fully baked and could be a lot more work. Andrew