
Using DNSSEC and BGPsec as kill-switches [pdf] - DyslexicAtheist
https://www.scion-architecture.net/pdf/2017-killswitch.pdf
======
DyslexicAtheist
_> In our analysis, we focus on two emerging secure protocols which can be
exploited to build kill switches: DNSSEC[3] and BGPsec[28]. Both schemes were
proposed to provide authentication and integrity to core Internet components,
but require global trust in a single central authority (Verisign/ICANN for
DNSSEC and ARIN for BGPsec). While it is clear that the authorities themselves
can impersonate any entity they certify, this paper analyzes the operational
steps required for an external adversary to disable connectivity by attacking
specific points of these key hierarchies._

