Hi, On Tue, Dec 25, 2018 at 09:45:06AM +0100, Lukas Tribus wrote: > On Tue, 25 Dec 2018 at 09:09, Gert Doering <[email protected]> wrote: > > If someone can interfere with TCP packets *inside your network* without > > you noticing, RPKI-RTR is likely the least of your worries. > > I'm not sure I follow ... > > other than using a lower layer encryption like macsec or L1 DWDM > encrpytion, how exactly do you avoid that attackers with physical > access to the fibers you are using are interfering with the TCP > packets? They can certainly capture packets, inject theirs, and very > likely corrupt/modify yours.
Indeed. But if they have this level of control over my packets, why
would they bother fiddling with RPKI-RTR?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
