On 14 nov 2008, at 17:49, Hallam-Baker, Phillip wrote:
BGP is not a secure protocol.
Not disagreeing, but what makes for a secure protocol?
So why do you think it is appropriate for end user applications to make assumptions about end entity identity on the basis of source IP address?
I don't. But then again I don't believe in firewalls so it doesn't cost me anything to forego this assumption. But if all you have is a hammer and a nail comes along, you start hammering without asking too many questions. (I.e., addresses are there so if you have a firewall the natural thing is to filter based on them, even though it's problematic.)
If you take a look at DKIM you will see that the approach there is to independently authenticate the hops.
That didn't make sense in S-BGP so without being aware of the details of DKIM I'm going to assume it doesn't make sense there either.
_______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf