Akamai, Amazon, Netflix, Microsoft, and Google Join Internet Routing Security Effort (theregister.co.uk)
A community effort to improve the internet's routing security has won the backing of some of the web's biggest names. From a report: Amazon, Google, Facebook, Microsoft, Akamai, and Netflix, among others, have signed up to the Mutually Agreed Norms for Routing Security (MANRS) group, in their roles as content delivery networks (CDNs) and cloud providers (CPs). MANRS's goal is to shore up the internet's lax security when it comes to routing people's connections around Earth. It is, essentially, depending on the circumstances, too easy for miscreants to hijack and redirect internet traffic from legit servers to malicious machines so that web browsing and other online activities can be snooped on or meddled with. This widespread issue is something that has become increasingly important in the past few years as the number and size of connectivity breakdowns and attacks on the global system have grown. Criminals and possibly government spies have realized the potential that exists in snatching people's internet traffic for surveillance, disruption, and theft. The MANRS group pushes four main approaches, two technical and two cultural: filtering, anti-spoofing, and then coordination and validation.
Only 2/5 are from Silicon Valley (Score:2)
Re: Only 2/5 are from Silicon Valley (Score:1)
Same old boys though ...
Although Amazon is probably just put in a different room of hell, to not turn the other demons even evilerer...er.
Damn cloud providers! (Score:2)
Why are they not doing something in periods of drought?
Re:DRM for the internet (Score:4, Informative)
This has nothing to do with general purpose computing devices or DRM.
It's all about preventing someone from saying "hey, send traffic for this block of IP addresses over here" when in fact they don't actually own the block of IP addresses they are advertising routes for. This has happened in the past (both accidentally and deliberately) so changing the core routing protocols of the internet to prevent it is a good idea.
Elephant in the room (Score:5, Insightful)
The elephant in the room is BGP, which hasn't been updated since 1998 and still includes hardware assumptions from that era in the protocol. It also has security assumptions from that era in the protocol. After all, everyone on the network is a nice, responsible, reasonable adult with the interests of the entire network as a whole at heart, right? Yeah, no...
BGP needs replacing entirely, but it's probably too late. There are too many competing interests and too many jackholes would see it as an opportunity for profit, turning any attempt to replace it into a shitshow of meddling attempts to inject patented algorithms into it. And so we're left with... "norms for routing security".
I wish them luck. It'll be a minor miracle if they accomplish anything.
Re:Elephant in the room (Score:4, Informative)
Oh please, RPKI has been an RFC since 2012:
https://tools.ietf.org/html/rf... [ietf.org]
And even Cloudflare started pushing it in 2018:
https://blog.cloudflare.com/rp... [cloudflare.com]
This is more or less a solved problem.
Re: (Score:3)
Oh please, RPKI has been an RFC since 2012:
Which practically no one is using, so...
See, the problem with an RFC is it's a request. If nobody wants to bother with it, nothing happens. Six years before one of the giants of the industry even bothered to acknowledge it? No, it most definitely is not a solved problem. Should be. Isn't.
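The check that RPKI route origin validation (RFC 6811) runs against an announcement of the kind discussed in the comments above, as an added example that is not part of any comment in this thread. The ROA entries are constructed from documentation prefixes and AS numbers, and `ROA`, `ROAS` and `validate_origin` are hypothetical names.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # address block the holder signed for
    max_length: int  # longest prefix length an announcement may use
    asn: int         # AS authorised to originate the block


# Constructed sample ROAs: documentation prefixes (RFC 5737, RFC 3849)
# and documentation AS numbers (RFC 5398). Not real routing data.
ROAS = [
    ROA("198.51.100.0/24", 24, 64496),
    ROA("203.0.113.0/24", 24, 64497),
    ROA("2001:db8::/32", 48, 64496),
]


def validate_origin(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Classify one BGP announcement as 'valid', 'invalid' or 'not-found'."""
    announced = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # Only ROAs whose prefix covers the announced prefix are relevant.
        if announced.version != roa_net.version:
            continue
        if not announced.subnet_of(roa_net):
            continue
        covered = True
        # A ROA for AS 0 never makes a route valid; otherwise the origin must
        # match and the announcement must not be longer than max_length.
        if roa.asn != 0 and roa.asn == origin_asn \
                and announced.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but not matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for pfx, asn in [("198.51.100.0/24", 64496),     # authorised origin
                     ("198.51.100.0/24", 64511),     # someone else's AS
                     ("198.51.100.128/25", 64496),   # more specific than allowed
                     ("192.0.2.0/24", 64496)]:       # no ROA published
        print(f"{pfx:20} AS{asn}: {validate_origin(pfx, asn)}")
```

A router that enforces this drops or de-prefers `invalid` routes; `not-found` routes are still accepted, which is why the check only protects address space whose holder has published ROAs.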
Perhaps they should discuss with the carriers (Score:1)
I think there is probably a standards body or three that actually can do something about this...
All of the companies listed pretty much only exist to serve content (and datamine the last ounce of your privacy).
Which means this is probably a bad thing.
And on NANOG (Score:2)
there was much rejoicing