Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: So -- what did happen to Panix?

  • From: bmanning
  • Date: Fri Jan 27 07:52:44 2006

On Fri, Jan 27, 2006 at 04:36:28AM -0800, Randy Bush wrote:
> 
> > what I saw by going through the diffs, etc.. that I have
> > available to me is that the prefix was registered to be announced
> > by our customer and hence made it into our automatic IRR filters.
> 
> i.e., the 'error' was intended, and followed all process.
> 
> so, what i don't see is how any hacks on routing, such as delay,
> history, ... will prevent this while not, at the same time, have
> very undesired effects on those legitimately changing isps.
> 
> seems to me that certified validation of prefix ownership and as
> path are the only real way out of these problems that does not
> teach us the 42 reasons we use a *dynamic* protocol.

	perhaps you mean certified validation of prefix origin
	and path.  Ownership of any given prefix is a dicey concept
	at best.

	as a start, i'd want two things for authentication and integrity
	checks:  AS P asserts it is the origin of prefix R and prefix R
	asserts the true origin AS is P (or Q or some list).  Being able
	to check these assertions and being assured of the authenticity
	and integrity of the answers goes a long way, at least for me.

	path validation is something else and a worthwhile goal.
--bill
	
> 
> what am i missing here?
> 
> randy




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.