On Mar 21, 2012, at 3:47 PM, Randy Bush wrote:
>>> in this:
>>> <http://mailman.nanog.org/pipermail/nanog/2012-February/045941.html>
>>> message. This is what you mean as well, yes?
>> Yes. And, to answer Randy's question in that message ... I'm not
>> asserting that this is a _simple_ problem to be solved, but we should
>> not ignore the problem b/c it's "hard" ... otherwise, we wouldn't have
>> the Internet, as it exists today, nor a lot of other things.
>
> actually, there is a solution to that problem. it's called bgp.

No, it's not. Today, BGP is a mechanism that was strictly designed for distributing reachability information <period, full-stop>. Any change in that is a fundamental change to the way the BGP protocol is operated, currently.

> bgpsec
> is an attempt to protect that solution from some demonstrated attacks.

... which have not been enumerated, in detail, in any SIDR WG drafts. As I look at <http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-threats-02> there is /a lot/ of discussion around threats posed to everything surrounding BGPSEC & the RPKI, but no substance to at least the one "headline" threat that BGPSEC is supposedly designed to mitigate against, the so-called "Pilosov/Kapela" attack. Heck, there's not even a _link_ or _reference_ in the threats document to the Pilosov/Kapela attack. I can't even find one in <http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-reqs-03> either.

Heck, if even the attacks you allude to are not enumerated (in detail), then IMHO there are much bigger problems here ...

> if you have another solution, do tell us. but ranting that world hunger
> should be solved does not feed anyone.

-shane