On 14 nov 2008, at 17:49, Hallam-Baker, Phillip wrote:
BGP is not a secure protocol.
Not disagreeing, but what makes for a secure protocol?
So why do you think it is appropriate for end user applications to
make assumptions about end entity identity on the basis of source IP
I don't. But then again I don't believe in firewalls so it doesn't
cost me anything to forego this assumption. But if all you have is a
hammer and a nail comes along, you start hammering without asking too
many questions. (I.e., addresses are there so if you have a firewall
the natural thing is to filter based on them, even though it's
If you take a look at DKIM you will see that the approach there is
to independently authenticate the hops.
That didn't make sense in S-BGP so without being aware of the details
of DKIM I'm going to assume it doesn't make sense there either.
Ietf mailing list