[Podcast] Kentik’s view of secure BGP in 2025
Doug Madory shares insights from his 2025 analysis of secure BGP deployment around the world, based on Kentik’s internal measurements and global routing data.
Category:
Tech matters
Decoding TCP SYN for stronger network security
Guest Post: How honeypot data can reveal network risks through header-only analysis of TCP SYN segments.
Signing the root in public: The foundations of trust
Inside the ceremony that safeguards global DNSSEC, and why community oversight still matters.
How RFC 9691 improves key rollover in RPKI Trust Anchors
New support for key transitions will give RIRs greater flexibility and improve long-term resilience of the RPKI.
Bootstrapping HTTP/1.1, HTTP/2, and HTTP/3
Guest Post: A packet-level tour through redirects, TLS negotiation, and protocol discovery.
A first look at the PROXY protocol and its security implications
Guest Post: Studying PROXY protocol usage at Internet scale and the security impact of its misconfigurations.
How Let’s Encrypt reduced the impact of zombie clients
Guest Post: A new rate limit has significantly reduced the load on Let’s Encrypt’s infrastructure.
[Podcast] Downloading the root
Geoff Huston discusses the DNS root zone and how query load at the root could be reduced by using trusted local copies of the zone.
Ossification and the Internet
Why IP, transport, routing, and DNS protocols can harden and what that means for the future of the public network.
The scourge of excessive AS-SETs
Guest Post: Many AS-SETs have grown so large they effectively whitelist most of the routing table, defeating their purpose. How are AS-SETs actually used for filtering, and what can be done when they get too big?