There are two proposals floating around that are trying to address BGP origination hijacks (aka Pakistan vs. YouTube): RPKI and DNSSEC-based system. Ivan Pepelnjak joins Greg Ferro to talk about what is means for Networking.
This show was recorded in January 2013 and it’s been delayed publishing. Please accept my apologies.
Opinionated background on the RPKI discussion >http://www.internetgovernance.org/2013/01/09/the-routing-security-battles-intensify/> (warning, heavily biased authors on this site. )
RIPE 65 Session List – https://ripe65.ripe.net/presentations/presentation-archive/
RPKI would effectively give control over route advertisement validation to regional registries (who are also allocating the address space these advertisements cover), while the alternative approach would rely on DNSSEC and/or CA infrastructure controlled by … (fill in the blanks).
Also, this graph is interesting. Look who’s dragging their feet – http://certification-stats.ripe.net/
PROGRAMMABLEFLOW TECHNICAL DEEP DIVE
This free webinar sponsored by NEC Corporation of America describes the benefits and technical details of ProgrammableFlow®, the first production-grade commercial implementation of an OpenFlow-based Software Defined Network with a controller and data center switches.