

Quick fix for an early Internet problem lives on a quarter-century later - RockyMcNuts
http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/

======
hueving
Maybe it's just my impression, but this article tries to make it sound like
they should have addressed this from the beginning.

Looking back, it's doubtful that a secure version up front would have worked.
Routers were pretty feeble back then, and getting them to verify crypto
signatures for advertisements would have been a non-starter.

This is especially true since there are still many issues with the secure
replacements when it comes to key distribution issues, manipulating path
costs, etc. With all of the modern crypto we have now, it's still a
non-trivial problem to solve.

~~~
mauricemir
And misses the point (not to be a circuit switched bigot) that there were
existing networks based on OSI that were technically superior.

But they cost a lot more and required more technical rigor to implement (yes I
am looking at you Sprint/Microsoft) and sometimes Good enough for jazz is
the way to go.

------
Animats
It's not a crypto problem. It's not about who you're talking to. It's what
they tell you, and where they got the info they're telling you. Mutually
mistrustful routing is very hard.

~~~
dsr_
Yup. By definition, your BGP neighbors are:

- not controlled by you

- tell you about their own view of the Internet

- and tell you about views of the Internet passed on from other neighbors

You can arrange to absolutely trust a given neighbor to be that neighbor, but
until every BGP speaker in the world has that relationship, you can't trust
the data that they pass on.

And every BGP speaker in the world has both direct controls (advertise this
AS, don't advertise that AS) and influential controls (pretend that this AS is
farther away than it is, prefer this AS here and not there because it's
cheaper for us) that are both necessary and desirable, because money
constrains what engineering can do.
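
An added illustration of the point above, not part of the thread and not code from any BGP implementation: a toy path-vector model in which every session is authenticated with an HMAC, yet a second origination of the same prefix is still selected by nearby ASes. The topology, AS numbers, prefix, per-session keys and the shortest-AS-path-only selection rule are all constructed assumptions.

```python
import hashlib
import hmac
from collections import deque

# Constructed line topology using documentation-range AS numbers (RFC 5398).
LINKS = [(64501, 64502), (64502, 64503), (64503, 64504), (64504, 64505)]
# One shared secret per session: each neighbor is provably that neighbor.
KEYS = {frozenset(link): f"secret-{link[0]}-{link[1]}".encode() for link in LINKS}

def session_mac(a, b, prefix, path):
    msg = f"{prefix}|{' '.join(map(str, path))}".encode()
    return hmac.new(KEYS[frozenset((a, b))], msg, hashlib.sha256).digest()

def converge(originations):
    """Flood (asn, prefix) originations; return (rib, auth_failures)."""
    neighbors = {}
    for a, b in LINKS:
        neighbors.setdefault(a, []).append(b)
        neighbors.setdefault(b, []).append(a)
    rib = {asn: {} for asn in neighbors}   # rib[asn][prefix] = AS path as received
    queue, auth_failures = deque(), 0
    for asn, prefix in originations:
        rib[asn][prefix] = ()              # empty path: "I originate this"
        queue.append((asn, prefix))
    while queue:
        sender, prefix = queue.popleft()
        adv = (sender,) + rib[sender][prefix]   # sender prepends its own AS
        for peer in neighbors[sender]:
            tag = session_mac(sender, peer, prefix, adv)
            # Receiver authenticates the update against the session key.
            if not hmac.compare_digest(tag, session_mac(peer, sender, prefix, adv)):
                auth_failures += 1
                continue
            if peer in adv:                # loop prevention
                continue
            best = rib[peer].get(prefix)
            if best is None or len(adv) < len(best):   # shortest AS path wins
                rib[peer][prefix] = adv
                queue.append((peer, prefix))
    return rib, auth_failures

def origin_seen_by(rib, asn, prefix):
    path = rib[asn][prefix]
    return path[-1] if path else asn

if __name__ == "__main__":
    # 64501 holds the prefix in this constructed scenario; 64505 does not.
    rib, failures = converge([(64501, "192.0.2.0/24"), (64505, "192.0.2.0/24")])
    for asn in sorted(rib):
        print(asn, "->", origin_seen_by(rib, asn, "192.0.2.0/24"), "auth failures:", failures)
```

Every update passes the session check, so authentication of the neighbor says nothing about whether the path it relays is true; that needs a separate check on the data itself.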

------
RockyMcNuts
In which Richard Clarke alerted John Chambers, who said he had never heard of
BGP.

------
TranceMan
This is a good presentation on the development of BGP by Yakov Rekhter [0]:

[https://www.youtube.com/watch?v=_Mn4kKVBdaM](https://www.youtube.com/watch?v=_Mn4kKVBdaM)
BGP at 18: Lessons In Protocol Design

[0]
[https://en.wikipedia.org/wiki/Yakov_Rekhter](https://en.wikipedia.org/wiki/Yakov_Rekhter)

------
mirimir
This is of course a serious problem. But I'm surprised that there's no mention
of end-to-end encryption as a defense against misrouting.

~~~
gizmo686
End-to-end encryption doesn't defend against misrouting, although it does
mitigate the damages of it. However, with our current CA system, nation level
adversaries could easily MITM an encrypted connection that they have rerouted
through their servers.

~~~
mirimir
Right, "mitigate" is what I ought to have written.

And yes, HTTPS is rather a joke. But what about properly implemented SSH,
IPSec or OpenVPN?

~~~
philbarr
Why is HTTPS "rather a joke"? Genuinely curious...

~~~
ekimekim
Because your client (generally a browser) is configured to implicitly trust a
group of companies called "root Certificate Authorities" (root CAs). Now,
consider one such company headquartered in China, or the US. The governments
of both countries have the power to secretly demand such a company's keys,
then use them to make your client trust whichever endpoint they choose.

~~~
eli
That's still considerably better than sending unencrypted HTTP over the wire
in pretty much every way.

~~~
stefantalpalaru
Better, but not good enough.

------
hudibras
This article has the most polite comments I've ever seen on the Washington
Post website.

