On 21/12/10 21:46, Roland Dobbins wrote:
> On Dec 22, 2010, at 3:41 AM, marcelo bagnulo braun wrote:
>
>> Now that doesn't imply afaict that the surface of the attack will be bigger,
>> just that it is harder to identify.
>
> Disagree. Confusion in and of itself represents a broadening of the attack
> surface.

mmm, maybe we are having a terminology issue here, i was using surface
== Catchment
what do you mean by surface?

>> Second, it is not obvious to me why having different origins for each anycast
>> location makes this situation any easier in the case of a malicious attacker
>> (who could potentially include a false origin in its announcement)
>
> At the moment, there are out-of-band mechanisms which in many (not all)
> instances can be utilized to sort the sheep from the goats. Obviously,
> technological - and therefore more automagic - mechanisms for doing so are
> preferred, and there is considerable activity in that regard (i.e., rPKI).

right, i can see that this _in conjunction_ with RPKI helps to deal with
this. So, i see this as an enabler, not as a solution per se (i.e.
without RPKI, the attacker can include a false origin and get away with it)
Regards, marcelo
_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow