We would like to provide you with a better user experience. Please re-enable Javascript in your web browser.
It has often been said of technology standards that the good thing is that there are just so many to pick from! The same is true, to perhaps a more limited extent, in the world of cryptography. The choices may not be quite so diverse, but there are still many…
Am I really talking to you? In a networked world that’s an important question. For example, where I’m located, when I look up the DNS name www.google.com I get the IPv6 address 2404:6800:4006:813::2004. This implies that when I send an IPv6 packet to this destination address I will reach a…
The Border Gateway Protocol (BGP) is the Internet’s inter-domain routing protocol, and after some thirty years of operation BGP is now one of the more venerable of the Internet’s protocols. One of the major ongoing concerns related to BGP is its lack of effective security measures, and as a result…
The Border Gateway Protocol (BGP) is the Internet’s inter-domain routing protocol, and after some thirty years of operation is now one of the more venerable of the Internet’s core” protocols. One of the major ongoing concerns related to BGP is its lack of effective security measures, and as a result…
There are a number of parts to the current framework that we’re using to improve routing security on the Internet. Prefix holders should generate validly signed Route Origination Attestations (ROAs) and have them published, Network operators should maintain a current local cache of these signed objects and use then to…
As the pandemic continues, the network operational community continues to meet online. NANOG held its 81st meeting on February 8 and 9, and these are my notes from some of the presentations at that meeting. A Brief History of Router Architecture Ethernet, developed in 1973 at Xerox PARC, was a…
Over the past few months I’ve had the opportunity at various network operator meetings to talk about BGP routing security and also highlight a measurement page we’ve set up that measures the extent to which Route Origin Validation (RoV) is actually “protecting” users (https://stats.labs.apnic.net/rpki). By this I mean we’re measuring…
I’ve been asked a number of times: “Why are we using as distributed trust framework where each of the RIRs are publishing a trust anchor that claims the entire Internet number space?” I suspect that the question will arise again the future so it may be useful to record the…
I’m constantly impressed by the rather complex intricacies that are associated with running your own web server these days. A recent source of these complexities has been the PKI, the security infrastructure used to maintain secure connections over the network, and I’d like to recount my experience here, in case…
A couple of weeks ago I wrote an article about some issues with the Internet’s Public Key Infrastructure. In particular, I was looking at what happens if you want to “unsay” a public key certificate and proclaim to the rest of the Internet that henceforth this certificate should no longer…
