There is a big difference in real engineering (i.e. outside a university) between a solution that only addresses part of a problem and one that is 'useless'.

In this case it is much more important to restrict the application of cryptography to problems that it solves well than to attempt to solve every problem.

In observed attacks and in simulations, the IP-AS number attack is much more significant than the routing layer attack in most circumstances. The IP-AS attack is global; the effects of the routing layer attack are local.

There are many security concerns that BGP security could address. The only concerns for which a BGP security solution is essential are preventing Denial of Service attacks and preventing hijacking of IPv4 space after exhaustion is reached.

I believe that the most likely scenario in which BGP security is actually deployed is that the IPv4 space runs out and we then see a huge increase in address block theft and bogon injection by spammers and other malicious actors.

I have deliberately crafted a solution that can be applied in a 'save your ass' mode. The routing level attack will remain, but that is only an issue for AS networks that are not directly connected. Networks that are directly connected are not going to be fooled by bogus routes, particularly not by routes that are several hops removed.

While that may seem a somewhat callous observation ('ok, so huge chunks of the net can fail'), the point is that we can avoid some of the more painful consequences of critical infrastructure that relies on IP connectivity collapsing through some fairly simple measures. We can also avoid deadlock situations where the net falls down and we can't bring it back because the routing tables are totally contaminated.

In practice though, the consequences of routing manipulation are manageable. Worst case we can revert to the routing tables that worked an hour ago, or a day ago, and get to 95% normalcy.

On Mon, Mar 15, 2010 at 7:24 PM, Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Phillip Hallam-Baker wrote:
>
> As was discussed already in this ML, RPKI is useless.
>
> Even if an AS owning an address block is securely known, it does
> not secure routing to the address block through other ASes.
>
> Masataka Ohta

--
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/