Skip to main content


Showing posts from 2015

Routing layer security on the public internet is hopeless

I have mostly come to the conclusion that trying to secure the routing layer of the internet is hopeless. Protocols like DNSSEC impose pretty significant costs on service providers and clients/recursive resolvers, and at the same time don't provide any substantive security guarantees that I'd be willing to rely on. I still want end-to-end security—confidentiality and integrity, in particular—of the data stream, something provided by TLS and support systems around TLS (e.g., certificate transparency). DNSSEC doesn't even try to give me the one thing I'd really like out of the routing layer, which is privacy: it provides a base level of integrity...and that's it. "Securing" BGP in a similar way would be worth even less, because routing decisions at that level can't even really be checked by clients as they don't have the context to understand why paths are configured with particular costs, nor do they know where state-level actor