[arin-discuss] on the need for secure BGP routing and ARIN RPKI
Paul Vixie
paul at redbarn.org
Tue Nov 19 18:04:40 EST 2013

greetings, arin members. as i count down my last months as an arin
trustee, i look to the future of our industry. the RIR system (ARIN and
its sisters in other regions) has confronted many challenges during my
nine years on the ARIN board, including for example the seemingly (yet,
not!) intractable problem of how to motivate widespread IPv6 deployment
before "final IPv4 runout" forces everyone to make hard choices or to
live in triple-NAT ghettos.

yet, one of our most ambitious and worthwhile challenges receives very
little discussion. that is: secure BGP routing, for which the RIR system
has been working for almost a decade on the enabling technology -- RPKI
-- Routing Public Key Infrastructure. briefly, this is a way to bind a
crypto-authentic key to blocks of address space, which will ultimately
make it possible for network operators to sign their routing
announcements and verify the announcements you receive.

today our colleagues at renesys published a report on "man in the middle
internet hijacking":

http://www.renesys.com/2013/11/mitm-internet-hijacking/

the key message of this article is this excerpt:

> ... In practical terms, this means that Man-In-the-Middle BGP route
> hijacking has now moved from a theoretical concern to something that
> happens fairly regularly, and the potential for traffic interception
> is very real. ...

i hope i can persuade all of you to read the renesys article cited
above, and to investigate ARIN's RPKI project, in which the ARIN Board
of Trustees has repeatedly voted to invest the company's technology
resources:

https://www.arin.net/resources/rpki/index.html

i don't mean to say that you should stop worrying about IPv4 runout and
IPv6 deployment, of course! what i do mean to say is, the Internet's
core routing system is not presently a safe neighborhood, and fixing
that is vital, and will require everyone's attention and effort.

thanks for listening.
paul vixie, arin trustee, 2005-2013
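
The verification step the message describes (checking received announcements against keys bound to address blocks) is applied by operators as route origin validation. The following is an added example, not part of the original message or ARIN's code: it implements the RFC 6811 decision over constructed validated ROA payloads. The ROA and maxLength concepts come from the RPKI specifications rather than from the post, and `validate_origin`, `SAMPLE_VRPS`, the documentation prefixes and the documentation AS numbers are illustrative assumptions.

```python
import ipaddress

# Constructed sample data: documentation prefixes and AS numbers only.
# Each entry stands for one validated ROA payload (VRP), i.e. the output of
# an RPKI validator after signature checks:
# (authorized prefix, maximum announced prefix length, authorized origin AS)
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("203.0.113.0/24", 28, 64497),
    ("2001:db8::/32", 32, 64496),
]

def validate_origin(prefix, origin_asn, vrps):
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found'
    following the RFC 6811 origin validation procedure."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route sits inside the VRP prefix.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # Match needs the same origin AS and a length within maxLength.
        # AS 0 in a VRP never matches (it marks space not to be routed).
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched is the signature of a wrong-origin or
    # more-specific announcement; uncovered space has no RPKI statement.
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    # Constructed announcements as (prefix, origin AS) pairs.
    announcements = [
        ("192.0.2.0/24", 64496),     # legitimate holder
        ("192.0.2.0/24", 64511),     # same prefix, unauthorized origin
        ("192.0.2.128/25", 64496),   # more specific than maxLength allows
        ("203.0.113.16/28", 64497),  # more specific, within maxLength
        ("2001:db8:1::/48", 64496),  # IPv6 more specific beyond maxLength
        ("198.51.100.0/24", 64500),  # no ROA covers this space
    ]
    for prefix, asn in announcements:
        print(f"{prefix:<18} AS{asn:<6} {validate_origin(prefix, asn, SAMPLE_VRPS)}")
```

A router or monitoring job that drops or alerts on `invalid` results rejects both the wrong-origin and the too-specific announcements, while `not-found` shows how much address space still has no ROA at all.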