Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-20 Thread Gary Buhrmaster
On Tue, Sep 20, 2022 at 5:40 PM Randy Bush wrote: > to remind, ROV is a safety mechanism, not a security mechanism. it is > proving, as intended, to mitigate mistakes. which is very cool. but it > does not mitigate attacks of any sophistication. Mitigating against mistakes has value, and in

Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-20 Thread John Curran
On 20 Sep 2022, at 2:29 PM, Randy Bush mailto:ra...@psg.com>> wrote: Does another barrier to entry make sense? ROV's ROA creation is a barrier to entry in north america, as discussed in another thread or see https://scholarship.law.upenn.edu/faculty_scholarship/2035/ Randy - I’d agreed

Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-20 Thread Josh Luthman
ROA isn't mandatory. If it was, it would be a better comparison. Still, showing that low adoption rate shows the industry's interest in it. I think we all see the problem, but is there a viable solution? Is the problem big enough to warrant the transition? On Tue, Sep 20, 2022 at 2:29 PM

Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-20 Thread Randy Bush
> Does another barrier to entry make sense? ROV's ROA creation is a barrier to entry in north america, as discussed in another thread or see https://scholarship.law.upenn.edu/faculty_scholarship/2035/ there are other cultures where isp operational security is taken more seriously than power

Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-20 Thread Josh Luthman
Does another barrier to entry make sense? This makes it even more difficult still for new companies to start. Do we trust the FCC to come up with an industry wide fool proof (whatever that means) security standard? This is the same government that can't stop fake phone calls. On Tue, Sep 20,

Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-20 Thread Randy Bush
> Way overdue! In the last 4 weeks, I've had at least 20 diff > conversations with FSI Network operators re: BGP hijacking, how to > detect and in the future, mitigate with higher levels of success. Come > on BGP RPKI/ROA adaption. I found the easiest way is via ISP pressure > to implement

Re: Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-20 Thread Dennis B
Way overdue! In the last 4 weeks, I've had at least 20 diff conversations with FSI Network operators re: BGP hijacking, how to detect and in the future, mitigate with higher levels of success. Come on BGP RPKI/ROA adaption. I found the easiest way is via ISP pressure to implement dropping invalid

Article: DoD, DoJ press FCC for industry-wide BGP security standard

2022-09-19 Thread Fletcher Kittredge
Fierce Telecom: DoD, DoJ press FCC for industry-wide BGP security standard