
Cloudflare Wants Internet Route Leaks To Be a Thing of the Past (techcrunch.com)

Cloudflare wants routing issues to be a thing of the past by deploying a new feature to try to stop route leaks and hijacks in their tracks. From a report: Cloudflare told TechCrunch that rolling out resource public key infrastructure (RPKI) to all of its customers for free will make it far more difficult to reroute traffic -- either by accident or deliberately. RPKI, in a nutshell, helps to ensure that traffic goes to the right place through a route that's verified as legitimate and correct by using cryptographically signed certificates.

"When two networks connect with each other -- say, AT&T and Verizon -- they announce the set of IP addresses for which they should be sent traffic," said Nick Sullivan, Cloudflare's head of cryptography. "The RPKI is a security framework to make sure a network announces only its legitimate IP addresses." Cloudflare's push in the right direction follows an effort by the National Institute for Standards and Technology, which last week published its first draft of a new standard, which incorporates RPKI as one of three components that will help prevent route leaks and hijacks. A possible approval is expected in the coming weeks.

  • PKI isn't quick, especially and particularly due to OCSP/CRL lookups. Is this going to spike my ping times as a result? If yes, I am not interested.
    • by jon3k ( 691256 )

      Is this going to spike my ping times as a result?

      No.

    • Re:Lag due to PKI? (Score:4, Informative)

      by Anonymous Coward on Wednesday September 19, 2018 @02:02PM (#57343646)

      This may very slightly increase the time taken to form a route after a network comes online. Seeing that this only happens after a major outage or when a new network is commissioned, these few milliseconds won't matter at all.

      It is desperately needed, btw; it is super easy to make a mistake in BGP configuration that makes you announce the IP ranges of another party. If you are lucky you can route that traffic and nothing goes down, but usually this causes major problems.

      • There are a lot of routers in the DFZ that are already hurting for CPU time.

        How quickly will something get hacked because somebody left the private key either on the router or someplace else exposed?

    • Unless you live in a part of the internet where the routes are re-calculated and re-established every time you send a packet, in which case, please do tell which ISP you use, 'cause then I'll walk in a large circle around them.
  • Because we want Cloudflare [notabug.org] to be a thing of the past. It is a central point of failure for the whole of the world wide web at this point, and making them more so a central point of failure for the internet is not a good idea at all.
  • Cloudflare shudda used "blockchain" in the PR headline, it would have gotten a lot more attention.
  • Only one of us will be happy, and I'm shopping on ponies dot com right now.

    Route that.
