On 2015-06-01 22:07, Mark Andrews wrote:
If you have secure BGP deployed then you could extend the
authenication
to securely authenticate source addresses you emit and automate
BCP38 filter generation and then you wouldn't have to worry about
DNS, NTP, CHARGEN etc. reflecting spoofed traffic.
I don't believe this is entirely true, and BGPSEC certainly doesn't
solve most of what I'm concerned about from a routing security
perspective. See, e.g.:
https://tools.ietf.org/html/draft-ietf-grow-simple-leak-attack-bgpsec-no-help-04
That said, a Internet number resource certification infrastructure, be
it RPKI or something with s single root and scalable(!), is certainly
necessary, and can be used to bootstrap policy databases (e.g., IRRs)
that address both the inter-domain routing (e.g., origin "validation")
and data plane anti-spoofing security problems, and perhaps not require
operators (enterprises and nation states alike) to trade the autonomy
and flexibility they have in routing today for what others see as their
infrastructure security needs.
After all, stability, resiliency, and availability are ALSO factors in
the risk management gumbo that need to be considered by organizations,
and the tight coupling of RPKI and BGPSEC as designed, are quite
possibly not as attractive to some operators as the designers might
suggest, particularly in light of new external dependencies, competitive
markets, Internet governance, geopolitical climate, etc..
Many that haven't deployed or have lost interest in having the
conversation have done so deliberately, and would prefer a routing by
rumor paradigm that affords autonomy and flexibility to one where new
control points and exorbitant costs and complexity simply scare the heck
out of them, the primitives of which surely extend to many of the
luminaries quoted in those articles.
YMMV,
-danny
