On Mon, 23 May 2005, Edward Lewis wrote:
1) Keep the security ancillary data nearby. You might need it when the
source of the data is unreachable (perhaps because of an incident like a
flood).
That is why in my view soBGP is something that can only be deployed as an
after-filter (i.e. ones full BGP mesh is in for decisions about if the
routing data is to be passed along to other peers or to IGP).
2) Appending signatures is dicey. It has to be all public key and there's
never a guarantee that the latest signer hasn't stripped out previous
entries. (That could make a longer path seem shorter in order to redirect
traffic.)
IMHO - the inherent problem is that a router is trying to work inside the
plane of activity (meaning it can only talk to it's nearest neighbors), but
it takes the view point of something with ubiquitous knowledge to know if
every thing is cool. How can you do this without a trusted third party
involved somewhere, in a way that is not obtrusive (whether at registration
time or at run time)?
You do need "trusted third party" to act as PKI root signer. We're lucky
because unlike other places, we do have hierarchy with ip addresses and
ASNs and NIR is the "root" organization.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
