There is a big difference in real engineering (i.e. outside a
university) between a solution that only addresses part of a problem
and one that is 'useless'.
In this case it is much more important to restrict the application of
cryptography to problems that it solves well than to attempt to solve
every problem.
In observed attacks and in simulations, the IP-AS number attack is
much more significant than the routing layer attack in most
circumstances. The IP-AS attack is global, the effects of the routing
layer attack are local.
There are many security concerns that BGP security could address. The
only concerns for which a BGP security solution is essential is to
prevent Denial of Service attacks and to prevent hijacking of IPv4
space after exhaustion is reached.
I believe that the most likely scenario in which BGP security is
actually deployed is that the IPv4 space runs out and we then see a
huge increase in address block theft and bogon injection by spammers
and other malicious actors. I have deliberately crafted a solution
that can be applied in a 'save your ass' mode.
The routing level attack will remain, but that is only an issue for AS
networks that are not directly connected. Networks that are directly
connected are not going to be fooled by bogus routes, particular not
by routes that are several hops removed.
While that may seem a somewhat callous observation 'ok, so huge chunks
of the net can fail', the point is that we can avoid some of the more
painful consequences of critical infrastructure that relies on IP
connectivity collapsing through some fairly simple measures. We can
also avoid deadlock situations where the net falls down and we can't
bring it back because the routing tables are totally contaminated.
In practice though, the consequences of routing manipulation are
manageable. Worst case we can revert to the routing tables that worked
an hour ago. or a day ago and get to 95% normalcy.
On Mon, Mar 15, 2010 at 7:24 PM, Masataka Ohta
<mohta(_at_)necom830(_dot_)hpcl(_dot_)titech(_dot_)ac(_dot_)jp> wrote:
Phillip Hallam-Baker wrote:
As was discussed already in this ML, RPKI is useless.
Even if an AS owning an address block is securely known, it does
not secure routing to the address block through other ASes.
Masataka Ohta
--
--
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf