This account is a replica from Hacker News. Its author can't see your replies. If you find this service useful, please consider supporting us via our Patreon.
| Official | https:// |
| Support this service | https://www.patreon.com/birddotmakeup |
maltalex
- 0 Followers
- 0 Following
- 2 Posts
Contact me at <06.stadia_laxity on icloud.com> (random forwarding address, changed once in a while)
This account is a replica from Hacker News. Its author can't see your replies. If you find this service useful, please consider supporting us via our Patreon.
This account is a replica from Hacker News. Its author can't see your replies. If you find this service useful, please consider supporting us via our Patreon.
Only with certificate pinning or something similar. Otherwise, the attacker can get valid TLS certificates for any domain hosted on the hijacked IP addresses.
RPKI doesn't make BGP safe, it makes it safer. BGP hijacks can still happen.
RPKI only secures the ownership information of a given prefix, not the path to that prefix. Under RPKI, an attacker can still claim to be on the path to a victim AS, and get the victim's traffic sent to it.
The solution to this was supposed to be BGPSec, but it's widely seen as un-deployable.