Home page logo
/

nanog logo nanog mailing list archives

Re: AS8584 taking over the internet
From: Hank Nussbacher <hank () ibm net il>
Date: Fri, 10 Apr 1998 09:49:46 +0200

At 07:25 PM 4/9/98 -0400, Scott Huddle wrote:
I have and remain unconvinced and or confused ;)  The proposal allows
an operator to verify a valid origin AS for a given prefix (i.e. "config"
sorry if I'm being loose with the word) by using the DNS system with
"bgp.in-addr" extensions.  I'm not sure which part of the random 
route announcement problem that dnssec solves in this case?  It can
help with the "are they indeed are who they say they are", but it 
doesn't solve the "are they supposed to be doing what they said that 
they're doing" case.

Has anyone benchmarked how long it will take to resolve 50,000 bgp.in-addr's
after a line hiccup or a "clear ip bgp *"?   -Hank


And you didn't address my paranoia about not trusting the DNS ;)

-scott

you may wish to read the draft.  it did not suggest using the dns to
configure.  and you may also want to look into dnssec.

randy






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]