Dear network operators, please use the existing tools to fix security
Internet routing may well be a screaming car wreck, but a deployathon by the Asia Pacific Network Information Centre (APNIC) has shown how short, focused efforts can make a difference.
Routers use the Border Gateway Protocol (BGP) to tell each other the current best ways to route internet traffic, but the system relies on everyone telling the truth.
The BGP standard includes so-called Resource Public Key Infrastructure (RPKI) Route Origin Authorisations (ROAs) to certify the truth of routing messages, but they’re not deployed as widely as they might be.
As APNIC’s chief scientist Geoff Huston says, internet routing is therefore a “system that relies on the propagation of rumours”.
False rumours can be mistakes that cause routing failures — sometimes on a massive scale. They can also be deliberate attempts to engineer malicious traffic hijacks […]