To quote Bruce Schneier quoting an NSA maxim, attacks only get better;
they never get worse. We now have running code of one way to do this.
I think most NANOG readers can see many more ways to do it. A real
solution will take years to deploy, but it will never happen if we
don't start. And we want to have the solution out there *before* we
see serious attacks on BGP.Again, thank you -- it was really nice work.
Seems like we *could* get a large part of the way there if people were
only checking the information in question. While not the long-term fix
of being able to prove authorization to advertise space, simply requiring
a LOA at the edge, and requiring IRR further in, and keeping records of
what was advertised, would seem to be a worthwhile improvement on the
current state of affairs. Total prevention is a very rough goal, so
making it more difficult, combined with being able to identify when
someone did something bad, really ought to be a worthwhile interim goal,
and I've wondered for a long time why this isn't being done.
... JG