[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Do Not Complicate Routing Security with Voodoo Economics

Subject: Do Not Complicate Routing Security with Voodoo Economics
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Mon, 5 Sep 2011 05:06:13 +0000
In-reply-to: <[email protected]>
References: <9e65c1ce-b212-4471-ae35-63a95b5c9fdb@suckerpunch-mbx-0.CS.Princeton.EDU> <[email protected]>

On Sep 5, 2011, at 11:55 AM, Dobbins, Roland wrote:

> Origin validation <> path validation.

Rather, that should read, 'Origin/path validation <> origin/path enforcement'.

The idea of origin validation is a simple one.  The idea of path validation isn't to determine the 'correctness' or 'desirability' of a particular AS-path, but rather to determine the *validity* (or at least the *feasability*) of a given AS-path.  

Origin validation is relatively easy compared to AS-path validation, and origin validation is the most important function of S*BGP.  And in a world with universal origin and AS-path validation, how is there some economic advantage to be had by deploying S*BGP?  

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde

References:
- Do Not Complicate Routing Security with Voodoo Economics
  - From: ms7 at CS.Princeton.EDU (Michael Schapira)
- Do Not Complicate Routing Security with Voodoo Economics
  - From: rdobbins at arbor.net (Dobbins, Roland)

Prev by Date: Do Not Complicate Routing Security with Voodoo Economics
Next by Date: anyone from netnames / ascio on list?
Previous by thread: Do Not Complicate Routing Security with Voodoo Economics
Next by thread: Do Not Complicate Routing Security with Voodoo Economics
Index(es):
- Date
- Thread