Dear network operators, please use the existing tools to fix security

Using the public internet for mission-critical workloads? Time to make sure plan B is in place…:

[…] The BGP standard includes so-called Resource Public Key Infrastructure (RPKI) Route Origin Authorisations (ROAs) to certify the truth of routing messages, but they’re not deployed as widely as they might be.

As APNIC’s chief scientist Geoff Huston says, internet routing is therefore a “system that relies on the propagation of rumours”.

False rumours can be mistakes that cause routing failures — sometimes on a massive scale. They can also be deliberate attempts to engineer malicious traffic hijacks.


Original Article