[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Is BGP safe yet?" test

On Tue, 21 Apr 2020 at 01:02, Baldur Norddahl <baldur.norddahl at gmail.com> wrote:

> Yes but that makes the hijacked AS path length at least 1 longer which makes it less likely that it can win over the true announcement. It is definitely better than nothing.

Attacker has no incentive to honor existing AS path, attacker can
rewrite it as they wish.

Anyhow I think some people think about RPKI in a way too binary manner
'because it is not secure, it is not useful'. Yes, AS_PATH
authenticity is an open problem, but this doesn't mean RPKI is
useless. Most of our BGP outages are not malicious, RPKI helps a lot
there and RPKI creates a higher quality database for prefix origin
information than what we have had.