[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BGP in the Washngton Post

Subject: BGP in the Washngton Post
From: cb.list6 at gmail.com (Ca By)
Date: Mon, 1 Jun 2015 07:08:20 -0700
In-reply-to: <CAP-guGXCgO2mLXHHLC5kD60-vpALPUT7=oBdUkkg2Vp3iouGhQ@mail.gmail.com>
References: <CAP-guGXCgO2mLXHHLC5kD60-vpALPUT7=oBdUkkg2Vp3iouGhQ@mail.gmail.com>

On Mon, Jun 1, 2015 at 6:24 AM, William Herrin <bill at herrin.us> wrote:

> Interesting story about BGP and security in the Washington Post today:
>
>
> http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
>
> -Bill
>
>
The article left me with the feeling that there was a secure version of BGP
that is available but network operators are too short-term-focused and
foolish to deploy it.

I believe the situation is more complicated than that, no?  There is no
"secure version of BGP".  There are a handful of things that help, like
RPKI ... but they are far off from hitting the mark of "securing the
internet"... not too mention the ARIN RPKI SNAFU with various lawyers that
make RPKI impossible for a large part of the internet.

CB

PS.  All my ipv4 and ipv6 routes are RPKI signed, but I can't validate
because Cisco does not think validation within a VRF is an IOS-XR worthy
features

PPS. It does blow my mind that the internet works so well given that its
security relies on the good faith and reputation of a few network janitors
and plumbers

> --
> William Herrin ................ herrin at dirtside.com  bill at herrin.us
> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
>

Follow-Ups:
- Routing Insecurity (Re: BGP in the Washington Post)
  - From: jared at puck.nether.net (Jared Mauch)

References:
- BGP in the Washngton Post
  - From: bill at herrin.us (William Herrin)

Prev by Date: BGP in the Washngton Post
Next by Date: BGP in the Washngton Post
Previous by thread: BGP in the Washngton Post
Next by thread: Routing Insecurity (Re: BGP in the Washington Post)
Index(es):
- Date
- Thread