Hi Sandra,

Thanks for the reply. You put forward all the points correctly and precisely.

My concern is that, unlike the normal PKI model where the final output is to authenticate the user using just the certificate, in the routing-based model we are now talking about verifying just a small bit of information which is used for the BGP Best Path selection - the sanity of which we are trying to protect, and protecting just the Origin does not make sense in a malicious case at all. Though you may say that it protects in case the malicious person plays with the Origin attribute, it however does not protect much as with the same amount of effort a malicious person can still cause the same attacks. What increases is the overhead in each of the domains to maintain the new PKI information.

After reading a bit through what Pekka/Danny/Joe Abley said, a way in which we could update the filters between peers automatically (only relating to routes originated by the peer), from the RIR, we may achieve the very same functionality.

Thanks,
Vishwas

On Thu, Feb 28, 2008 at 8:34 AM, Sandra Murphy <[EMAIL PROTECTED]> wrote:
>
> On Thu, 28 Feb 2008, Vishwas Manral wrote:
>
> > Hi Stephen,
> >
> > Ok, I understand the model you talk about now. Yes the CPU may not be
> > the biggest concern as the server is verifying the Certs offline. I
> > guess this would also lead to models like CRLs for revocation.
> >
> > Like I said earlier as SIDR does not stop malicious attacks, but only
> > ones caused unintentionally, is it not possible to actually use a
> > simpler mechanism to get over such errors?
> >
> > Thanks,
> > Vishwas
>
> Vishwas, the current SIDR work is focused on preventing attacks
> (faulty/misconfigured/subverted/malicious/whatever) against the
> origination of routing advertisements, by providing strong assurance of
> who holds what prefixes, and therefore who can authorize origination of
> a prefix.
>
> (And in the leak that is the subject of this email chain, the fully
> deployed system would indeed have detected the mis-origination, in any AS
> that had received the mis-origination, not just the direct link up from
> the customer.)
>
> The concerns you raise are recognized subjects for further work.
>
> But all of the very many proposals for securing BGP (see: S-BGP, soBGP,
> psBGP, SPV, etc., etc.) rely on protecting this initial bit of routing
> information: originating a route to a prefix. So defining this work is a
> basis for defining future fuller protection techniques as well.
>
> All simpler mechanisms I have ever heard of for protecting origination of
> routing advertisements are either much lower assurance, or based on data
> with similar strong protections but not more assurance, or not extensible
> to protecting more features of BGP exchanges.
>
> --Sandy

_______________________________________________
Sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
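
Added example, not part of the thread and not code from the SIDR work: a simplified origin check of the kind discussed above, run over constructed announcements to show that a mis-origination gets the same verdict at the direct upstream and at an AS further away. The record format (prefix, maximum length, authorized origin AS), the function names, and the documentation prefixes and AS numbers are all assumptions.

```python
import ipaddress

# Constructed authorization records: (prefix, max prefix length, origin AS).
# Documentation prefixes and AS numbers; none of this comes from the thread.
AUTHORIZATIONS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    (ipaddress.ip_network("2001:db8::/32"), 48, 64497),
]

# Constructed announcements: (prefix, AS path as received, origin AS last).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),          # authorized origin
    ("192.0.2.0/24", [64511]),                 # mis-origination at the direct upstream
    ("192.0.2.0/24", [64502, 64501, 64511]),   # same mis-origination, two ASes further
    ("192.0.2.128/25", [64500, 64496]),        # right origin, longer than authorized
    ("2001:db8:1::/48", [64500, 64497]),       # within the authorized length
    ("198.51.100.0/24", [64500, 64499]),       # no record covers this prefix
]


def validate_origin(prefix, as_path):
    """Return 'valid', 'invalid' or 'not-found' for one announcement.

    Only the origin (last AS in the path) is examined; the rest of the
    path is not validated, which is the limit raised in the thread.
    """
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covered = False
    for net, max_len, asn in AUTHORIZATIONS:
        if route.version != net.version or not route.subnet_of(net):
            continue
        covered = True  # some holder has made a statement about this space
        if route.prefixlen <= max_len and origin == asn:
            return "valid"
    return "invalid" if covered else "not-found"


def check_all():
    """Validate every constructed announcement, in order."""
    return [validate_origin(p, path) for p, path in ANNOUNCEMENTS]


if __name__ == "__main__":
    for (prefix, path), verdict in zip(ANNOUNCEMENTS, check_all()):
        print(f"{prefix:18} path={path} -> {verdict}")
```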
