Bruce, I agree, while we all need to 'do the right thing' and only announce what we are suppose to, we also need to maintain the right level being paranoid to protect the networks we are responsible for. -Jim -----Original Message----- From: Bruce Pinsky [mailto:bep@whack.org] Sent: Friday, February 28, 2003 5:17 PM To: Jim Deleskie Cc: 'nanog@merit.edu' Subject: Re: BGP to doom us all Jim Deleskie wrote:
http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
Seems the BGP will be the down fall of the internet, the sky is falling
the
sky is falling
What a crock of crap. Knowing who someone is doesn't stop them from causing intentional or unintentional problems. In fact, authentication is more likely to cause people to become complacent wrt their filtering policies. Hey I've authenticated that router so it's going to only send me correct routes. Puleeeaaazzzz... ========== bep
Jim Deleskie wrote:
Bruce,
I agree, while we all need to 'do the right thing' and only announce what we are suppose to, we also need to maintain the right level being paranoid to protect the networks we are responsible for.
Right. And so while authentication and encryption of routing protocol exchanges is a necessary future to insure authenticity, it doesn't and won't absolve providers from the responsiblity of filtering both what they receive and what they transmit. And ideally, a goal of tying a route filtering mechanism to the authentication mechanism (i.e. adding authorization on top of authentication) would significantly reduce the burden and complexity of maintaining good route filters and thereby increase the chance that providers will implement them. ========== bep
participants (2)
-
Bruce Pinsky -
Jim Deleskie