[j-nsp] About Secure Transport for RPKI on JUNOS

Gert Doering gert at greenie.muc.de
Tue Dec 25 04:09:24 EST 2018


Hi,

On Tue, Dec 25, 2018 at 09:45:06AM +0100, Lukas Tribus wrote:
> On Tue, 25 Dec 2018 at 09:09, Gert Doering <gert at greenie.muc.de> wrote:
> > If someone can interfere with TCP packets *inside your network* without
> > you noticing, RPKI-RTR is likely the least of your worries.
> 
> I'm not sure I follow ...
> 
> other than using a lower layer encryption like macsec or L1 DWDM
> encrpytion, how exactly do you avoid that attackers with physical
> access to the fibers you are using are interfering with the TCP
> packets? They can certainly capture packets, inject theirs, and very
> likely corrupt/modify yours.

Indeed.  But if they have this level of control over my packets, why
would they bother fiddling with RPKI-RTR?

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20181225/7e41d869/attachment.sig>


More information about the juniper-nsp mailing list