> For that matter, what do people think about the issue that a private key
> could simply be covertly extracted from an AS' routers that are deployed
> in far off lands? Wouldn't this kind of compromise be a terrifying security
> threat to most ISPs?
Eric,

We (BGPSEC document authors) had considered this problem. It is mitigated by having 'Key per Router' as discussed in:
http://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-01#section-4.5

4.5. Key Per Router (Rogue Router Problem)

4.5.1. Decision

Within each AS, each individual BGPSEC router can have a unique pair of private and public keys.

4.5.2. Discussion

If a router is compromised, its key pair can be revoked independently, without disrupting the other routers in the AS. Each per-router key pair will be represented in an end-entity certificate issued under the CA cert of the AS. The Subject Key Identifier (SKI) in the signature points to the router certificate (and thus the unique public key) of the router that affixed its signature, so that a validating router can reliably identify the public key to use for signature verification.

Sriram

P.S. In case you had not seen the cited document (draft-sriram-bgpsec-design-choices) before, it is a design rationale discussion document and is a companion to draft-lepinski-bgpsec-protocol-00.txt (our initial individual draft submission).

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
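A worked illustration of the key-per-router mechanism in the quoted section, added here as an example and not code from the thread or from the BGPSEC drafts. Assumptions: a map stands in for the AS's CA-issued router certificates, the SKI is the SHA-1 of the public key (the RPKI convention), the signature algorithm is ECDSA P-256 over SHA-256 (what later BGPsec algorithm specs settled on), and the signed bytes are a constructed stand-in for a BGPSEC update rather than the real wire format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
)

// SKI is the Subject Key Identifier a BGPSEC signature carries: the SHA-1 of the
// router's public key. It names one router cert, so a validator picks the right key.
type SKI [20]byte

func skiOf(pub *ecdsa.PublicKey) SKI {
	return sha1.Sum(elliptic.Marshal(pub.Curve, pub.X, pub.Y))
}

// RouterCerts stands in for the per-router end-entity certificates issued
// under the AS's CA cert, indexed by SKI as a validating router sees them.
type RouterCerts map[SKI]*ecdsa.PublicKey
// NewRouterKey gives one router its own key pair (assumed: ECDSA P-256).
func NewRouterKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}
// Enroll records a router's public key under its SKI (the CA issuing its cert).
func (rc RouterCerts) Enroll(priv *ecdsa.PrivateKey) SKI {
	s := skiOf(&priv.PublicKey)
	rc[s] = &priv.PublicKey
	return s
}
// Revoke withdraws one compromised router's cert; every other router is untouched.
func (rc RouterCerts) Revoke(s SKI) { delete(rc, s) }
// Sign hashes the update and returns the signer's SKI alongside the signature.
func Sign(priv *ecdsa.PrivateKey, update []byte) (SKI, []byte, error) {
	h := sha256.Sum256(update)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return skiOf(&priv.PublicKey), sig, err
}

// Verify resolves the SKI first: a revoked or unknown router has no cert, so its update is rejected.
func (rc RouterCerts) Verify(s SKI, update, sig []byte) error {
	pub, ok := rc[s]
	if !ok {
		return errors.New("no valid router certificate for SKI (unknown or revoked)")
	}
	if h := sha256.Sum256(update); !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature does not verify under that router's key")
	}
	return nil
}
```

Revoking one router's SKI removes only that router's entry, so updates signed by the other routers in the AS keep validating while anything signed with the extracted key is rejected at the SKI lookup.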
