In message <20160823233710.8dc3a5206...@rock.dv.isc.org>, Mark Andrews writes:
>
> I'm curious. What are you trying to achieve by blocking EDNS version
> negotiation? Is it really too hard to return BADVERS to a EDNS
> query with version != 0 along with the version of EDNS you support
> in the
Background:
Five years ago PCH conducted the first, and to date only, comprehensive survey
characterizing Internet peering agreements.
The document that resulted can be found here:
https://www.pch.net/resources/Papers/peering-survey/PCH-Peering-Survey-2011.pdf
On Wed, Sep 14, 2016 at 04:04:43PM -0400, Bryan Fields wrote:
> I'm a bit ambivalent about BGP hijacking as a DDOS mitigation strategy.
> Really there is no authority to say it's wrong. If your peers are cool with
> it, and their peers are cool with it who's to say it's wrong?
Meeting abuse with
Doug,
I was basing my comments on your statement "If only there were a global
system.." However you slice or dice it, the tyranny implications have not yet
been addressed. That certainly needs to be in front of any technical idea such
as RPKI.
Although I haven't participated in the OT,
> On Sep 13, 2016, at 8:08 PM, Ca By wrote:
>
> On Tuesday, September 13, 2016, Doug Montgomery
> wrote:
>
>> If only there were a global system, with consistent and verifiable security
>> properties, to permit address holders to declare the set of
--- br...@bryanfields.net wrote:
From: Bryan Fields
I'm a bit ambivalent about BGP hijacking as a DDOS mitigation
strategy. Really there is no authority to say it's wrong. If
your peers are cool with it, and their peers are cool with it
who's to say it's wrong?
--- jfmezei_na...@vaxination.ca wrote:
From: Jean-Francois Mezei
I got to think about this (dangerous thing :-(
Ideally, law enforcement should have the smarts and tools
to get involved in DDoS and other similar situations and
have the power to compell upstream
On Wed, Sep 14, 2016 at 4:04 PM, Bryan Fields wrote:
> On 9/14/16 3:09 AM, Scott Weeks wrote:
> >
> > Yes, RPKI. That's what I was waiting for. Now we can get to
> > a real discussion
>
> Problem is, RPKI does not work for people with legacy blocks who will not
> sign
>
On 9/14/16 3:09 AM, Scott Weeks wrote:
>
> Yes, RPKI. That's what I was waiting for. Now we can get to
> a real discussion
Problem is, RPKI does not work for people with legacy blocks who will not sign
a Legacy RSA. ARIN doesn't own or have any say on how we use it, and we're
sure as heck not
I got to think about this (dangerous thing :-(
Ideally, law enforcement should have the smarts and tools to get
involved in DDoS and other similar situations and have the power to
compell upstream provider(s) to shut service to a suspect.
The current situation appears to be more of a wild-west
Scott and Doug,
The problem with a new automated enforcement system is that it hobbles both
agility and innovation. ISPs have enjoyed simple BGP management, entirely
self-regulated, for decades. A global enforcement system, besides being dang
hard to do correctly, brings the specter of
--- dougm.w...@gmail.com wrote:
From: Doug Montgomery
If only there were a global system, with consistent and verifiable security
properties, to permit address holders to declare the set of AS's authorized
to announce their prefixes, and routers anywhere on the Internet
12 matches
Mail list logo