On Wed, 13 Apr 2005 rg(_at_)mdpd(_dot_)com wrote:
Anyone with access to modify routing tables can (at least temporarily)
redirect nearby traffic to their copy of that network.<?xml:namespace
prefix = o ns = "urn:schemas-microsoft-com:office:office" />
No they can't. This require cooperation of all their upstreams ISPs who
for small isps have to enable announcements of new prefixed in their
filters.
Creative spoofing (IPs, DNS names) will arise and the Internet will be
forced to implement asymetric routing with encryption and/or certificates
being issued to of all things... Internet routers.
This has been in works for last 6 years with first drafts by BBN labs for
secure BGP going back to 1998, its still being developed but I anticipate
it will start to be deployed within next few years. If you want to learn
about it see:
http://www.nanog.org/mtg-0306/pdf/bellovinsbgp.pdf
http://www.net-tech.bbn.com/sbgp/
This problem will go beyond IP (to Total Identity Theft) and affect all
services as we know them. Why? Because it's possible... and profitable!
Its not as possible as you think or we'd have a lot more problems.
As long as these two factors are at play it will continue to escalte
until (eventually) nothing will be trusted (at face value) until proven
to be trustworthy. But if everthing can be faked, then what is real? And
what can be trusted?
Prediction of internet doom are unfounded.
In the end; A system that will provide "indisputable indentity to
anything anywhere" will solve all these problems at once [once and for
all(ways?)]
Care to define "indisputable identity"?
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net