On Dec 22, 2010, at 3:41 AM, marcelo bagnulo braun wrote: > Now that doesn't imply afaict that the surface of the attack will be bigger, > just that it is harder to identify.
Disagree. Confusion in and of itself represents a broadening of the attack surface. > Second, it is not obvious to me why having different origins for each anycast > location makes this situation any easier in the case of a malicious attacker > (Who is could potentially include a false origin in its announcement) At the moment, there are out-of-band mechanisms which in many (not all) instances can be utilized to sort the sheep from the goats. Obviously, technological - and therefore more automagic - mechanisms for doing so are preferred, and there is considerable activity in that regard (i.e., rPKI). _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
