Re: Autonomous System Sanity Protocol

Andrew Partan <> Sun, 27 April 1997 06:47 UTC

Received: from cnri by id aa13725; 27 Apr 97 2:47 EDT
Received: from by CNRI.Reston.VA.US id aa03257; 27 Apr 97 2:47 EDT
Received: from mailing-list by (8.6.9/1.0) id QAA10686; Sun, 27 Apr 1997 16:37:36 +1000
Received: from munnari.OZ.AU by (8.6.9/1.0) with SMTP id QAA10670; Sun, 27 Apr 1997 16:29:24 +1000
Received: from by munnari.OZ.AU with SMTP (5.83--+1.3.1+0.56) id GA21786; Sun, 27 Apr 1997 16:29:21 +1000 (from
Received: (from asp@localhost) by (8.6.12/8.6.12) id CAA00705; Sun, 27 Apr 1997 02:29:12 -0400
From: Andrew Partan <>
Message-Id: <>
Subject: Re: Autonomous System Sanity Protocol
To: Noel Chiappa <>
Date: Sun, 27 Apr 1997 02:29:12 -0400 (EDT)
In-Reply-To: <> from "Noel Chiappa" at Apr 27, 97 01:27:05 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 734
Precedence: bulk

> Yes, but again, this is more an issue of routing efficiency than security;
> just because A.1 is over here in B, detached from A, doesn't mean it needs
> A's private key, it only needs the key for A.1 - which it both i) has to
> have, and ii) is entitled to, anyway.

This is precisely the problem that we had.  How do I stop unauthorized
A.1s from being advertised?

[The problem came in two parts.  The first part was that suddenly
a huge pile of more specifics (A.1s) were being advertised
(incorrectly) by B.  The second part is that the routes didn't get
widthdrawn correctly - they still existed in various parts of the
Internet some 24 hours after B disconnected itself from the Internet.] (Andrew Partan)