mailing list archives
Re: The Internet's Biggest Security Hole | Threat Level from Wired.com
From: "David Farber" <dave () farber net>
Date: Thu, 28 Aug 2008 19:21:06 -0400
From: Steven M. Bellovin [mailto:smb () cs columbia edu]
Sent: Thu 8/28/2008 4:25 PM
To: DV Henkel-Wallace
Cc: David Farber
Subject: Re: [IP] Re: The Internet's Biggest Security Hole | Threat Level from Wired.com
On Thu, 28 Aug 2008 13:01:47 -0700
DV Henkel-Wallace <gumby () henkel-wallace org> wrote:
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: August 27, 2008 8:19:18 PM EDT
As I told Wired, "the good guys have been warning
about this for 20 years, and nothing has happened!"
Well the good guys gave a paper, not a PR effort.
We did a lot more than just write a few papers. Steve Kent and his
colleagues, for example, had running code for SBGP, a compatible
extension to BGP, no later than 2002 and I think earlier. There were
presentations at NANOG, there were workshops, there were private
meetings, there were lots of intense discussions, there were references
to things like the AS 7007 incident and others like it, and there were
and are IETF working groups. We even got the White House involved.
The response has always been the same: the threat isn't real enough,
the solution is too costly, and there is the possibility of operational
outages if someone -- an end site, an ISP, an RIR, possibly up to ICANN
itself -- makes an error on a routing-related certificate. The most
recent meeting on the subject I attended was 1.5 weeks ago, and was
scheduled before we were aware of this recent presentation.
I admit we didn't give a public demo of an attack and invite the press
(though on another mailing list I've complimented the folks who did this
one). Beyond that, I'm rather at a loss for what more we could have
The larger question is how one justifies spending money on security. I
often liken it to life insurance: all of the money I paid for it last
year was wasted, since I didn't die even once. In this case, ISPs have
judged that what they pay now to clean up routing-related messes
(Pakistan vs. YouTube is the best-known recent example, but there have
been many others) is less than the cost of securing BGP. Perhaps
that's been true up till now, but what about more serious, sustained,
or damaging attacks? What if the spammers start using this technique
Plus 20 years
later nobody has deployed anything beyond BGP....and how fast can
_that_ be changed?
As I noted, BGP is extensible; all of the secure routing proposals on
the table (and I can think of at least five without recourse to search
engines) build on the existing protocol without breaking anything; a
secured BGP site can talk to an older site with no problems whatsoever.
A more interesting -- and still open -- research question is what
benefits accrue during the period of partial deployment; I've been
working on it.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com