On Wed, Apr 25, 2018 at 8:47 AM, Paul Wouters via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> > BGP hijack at once. In the end, that's a numbers game with a bunch of > race conditions. But hey, it might lead to actual BGP security getting > deployed :) > I'm an in-the-wild BGP and peering practitioner and have been for quite a while. I've assisted numerous ISPs of various sizes in such matters. I'm not proud of the state of network interconnection, but I can say with all seriousness that if you care about the integrity of DNS based domain validation, DNSSEC integrity validation is the more achievable mitigation for hijacked DNS infrastructure. Actual BGP security is probably never coming for all sorts of commercial incentives reasons. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy