On Dec 8, 2010, at 10:13 AM, Eugen Leitl wrote: > http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2010/120710-chinese-internet-traffic-fix.html&pagename=/news/2010/120710-chinese-internet-traffic-fix.html&pageurl=http://www.networkworld.com/news/2010/120710-chinese-internet-traffic-fix.html&site=printpage&nsdr=n > Fix to Chinese Internet traffic hijack due in January
FWIW, I was fairly unhappy with how PCH was portrayed in the article... That
was the product of a very long interview, and we certainly didn't suggest that
the Prefix Sanity Checker was an _alternative_ to RPKI. I very much think
routing security is a critical issue, the Prefix Sanity Checker was a baby-step
in that direction, which will help some people some of the time; tools that
perform a cryptographic verification of RADb-style origin and transitive-path
assertions are the obvious next step, and I'd very much like to see them
developed. It does seem to me, and a lot of people who've talked with me about
it, however, that using existing cryptographic methods on top of existing
routing-policy methods, would get us further, faster, than trying to cook up
some whole new single-purpose protocol from scratch. That was the essence of
the interview I gave, and I don't think that message made it through into the
finished article very obviously.
-Bill
PGP.sig
Description: This is a digitally signed message part
