Hi Bill, You wrote:
> TRRP relies on mostly on security mechanisms present in DNS > itself. The request includes a serial number. The same serial > number has to be in the reply. Unsolicited replies and replies > containing information outside their scope of authority are > ignored. OK - sorry I was so ignorant about DNS basics. > A bad actor with access to the DFZ's BGP system can do > significant if temporary damage and TRRP doesn't fundamentally > change that. Any map-encap scheme introduces extra complexity, and so provides more opportunities for things to go wrong by accident, or by intentional actions. When the proposals are developed with more detail it will be possible to discuss any potential vulnerabilities they open. BTW, a technical account of the YouTube Pakistan Telecom event is: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml Regards - Robin -- to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
