nanog mailing list archives

Re: "Is BGP safe yet?" test

From: Saku Ytti <saku () ytti fi>
Date: Tue, 21 Apr 2020 08:38:38 +0300

On Tue, 21 Apr 2020 at 01:02, Baldur Norddahl <baldur.norddahl () gmail com> wrote:

Yes but that makes the hijacked AS path length at least 1 longer which makes it less likely that it can win over the 
true announcement. It is definitely better than nothing.


Attacker has no incentive to honor existing AS path, attacker can
rewrite it as they wish.

Anyhow I think some people think about RPKI in a way too binary manner
'because it is not secure, it is not useful'. Yes, AS_PATH
authenticity is an open problem, but this doesn't mean RPKI is
useless. Most of our BGP outages are not malicious, RPKI helps a lot
there and RPKI creates a higher quality database for prefix origin
information than what we have had.

-- 
  ++ytti

Current thread:

"Is BGP safe yet?" test Andrey Kostin (Apr 20)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
  - Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
  - Re: "Is BGP safe yet?" test Randy Bush (Apr 20)
    - Re: "Is BGP safe yet?" test Amir Herzberg (Apr 20)
    - Re: "Is BGP safe yet?" test Job Snijders (Apr 20)
    - Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 20)
    - Re: "Is BGP safe yet?" test Saku Ytti (Apr 20)
    - Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 20)
    - Re: "Is BGP safe yet?" test Andrey Kostin (Apr 21)
    - Re: "Is BGP safe yet?" test Randy Bush (Apr 21)
    - Re: "Is BGP safe yet?" test Mark Tinka (Apr 21)
    - Re: "Is BGP safe yet?" test Randy Bush (Apr 21)
- Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)
  - Re: "Is BGP safe yet?" test Cummings, Chris (Apr 20)
    - Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)
    - Re: "Is BGP safe yet?" test Mark Tinka (Apr 20)
    - Re: "Is BGP safe yet?" test Tom Beecher (Apr 20)

(Thread continues...)