[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
Jimmy Hess
mysidia at gmail.com
Sat May 4 22:08:11 EDT 2019
On Sat, May 4, 2019 at 8:10 AM Töma Gavrichenkov <ximaera at gmail.com> wrote:
> On Sat, May 4, 2019, 4:28 AM Marilson Mapa <marilson.mapa at gmail.com> wrote:
>
> Let's be honest here. RPKI, BGPSec and BGP roles could help resolving the issue of hijacking.
> This initiative would tame it a bit at best, but must not be seen as anything close to a silver bullet.
If ARIN can determine what router owners may or may not do, then in another
year, a proposal something like this could be added on top of the "No
Hijacking" rule,
so no problem, right? :
"
2.0 Using Number Resources with insecure versions of BGP is a Policy Violation
Propagating a BGP announcement containing IP number resources with
an insecure version of BGP is unacceptable behavior.
An insecure BGP operation is understood to be the acceptance or
announcement of any route received using BGP or other exterior routing protocol
without the numbers and paths related to each route having been confirmed on
the receiving side using BGPsec or comparable system according to RFCxxxx with
authenticity of every announcement verified against an ARIN-Approved RPKI.
"
> Actually, one of the strongest concerns of mine with this proposal is that this may slow down
> the proper solution (routing security) deployment due to a false sense of security it provides.
> --
> Töma
--
-JH
More information about the ARIN-PPML
mailing list