Re: Autonomous System Sanity Protocol

Andrew Partan <asp@partan.com> Sun, 27 April 1997 06:47 UTC

Received: from cnri by ietf.org id aa13725; 27 Apr 97 2:47 EDT
Received: from murtoa.cs.mu.OZ.AU by CNRI.Reston.VA.US id aa03257; 27 Apr 97 2:47 EDT
Received: from mailing-list by murtoa.cs.mu.OZ.AU (8.6.9/1.0) id QAA10686; Sun, 27 Apr 1997 16:37:36 +1000
Received: from munnari.OZ.AU by murtoa.cs.mu.OZ.AU (8.6.9/1.0) with SMTP id QAA10670; Sun, 27 Apr 1997 16:29:24 +1000
Received: from home.partan.com by munnari.OZ.AU with SMTP (5.83--+1.3.1+0.56) id GA21786; Sun, 27 Apr 1997 16:29:21 +1000 (from asp@partan.com)
Received: (from asp@localhost) by home.partan.com (8.6.12/8.6.12) id CAA00705; Sun, 27 Apr 1997 02:29:12 -0400
From: Andrew Partan <asp@partan.com>
Message-Id: <199704270629.CAA00705@home.partan.com>
Subject: Re: Autonomous System Sanity Protocol
To: Noel Chiappa <jnc@ginger.lcs.mit.edu>
Date: Sun, 27 Apr 1997 02:29:12 -0400 (EDT)
Cc: big-internet@munnari.oz.au
In-Reply-To: <9704270527.AA22472@ginger.lcs.mit.edu> from "Noel Chiappa" at Apr 27, 97 01:27:05 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 734
Precedence: bulk

> Yes, but again, this is more an issue of routing efficiency than security;
> just because A.1 is over here in B, detached from A, doesn't mean it needs
> A's private key, it only needs the key for A.1 - which it both i) has to
> have, and ii) is entitled to, anyway.

This is precisely the problem that we had.  How do I stop unauthorized
A.1s from being advertised?

[The problem came in two parts.  The first part was that suddenly
a huge pile of more specifics (A.1s) were being advertised
(incorrectly) by B.  The second part is that the routes didn't get
widthdrawn correctly - they still existed in various parts of the
Internet some 24 hours after B disconnected itself from the Internet.]

	--asp@partan.com (Andrew Partan)