[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Global Blackhole Service

Subject: Global Blackhole Service
From: randy at psg.com (Randy Bush)
Date: Sat, 14 Feb 2009 06:41:50 +0900
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

eventually, the rpki will give you the first half, authentication
of the owner of the ip space.  this leaves, as smb hinted, securing
the request path from the black-hole requestor to the service and
of the service to the users.

smb:
> You can't do this without authoritative knowledge of exactly who
> owns any prefix; you also have to be able to authenticate the
> request to blackhole it.  Those two points are *hard*.

randy

References:
- Global Blackhole Service
  - From: j.ott at plusserver.de (Jens Ott - PlusServer AG)
- Global Blackhole Service
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Global Blackhole Service
  - From: fw at deneb.enyo.de (Florian Weimer)

Prev by Date: One /22 Two ISP no BGP
Next by Date: Security Assessment of the Transmission Control Protocol (TCP)
Previous by thread: Global Blackhole Service
Next by thread: Global Blackhole Service
Index(es):
- Date
- Thread