A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : Threat Model for BGP Path Security
Author(s) : Stephen Kent
Andrew Chi
Filename : draft-ietf-sidr-bgpsec-threats-02.txt
Pages : 25
Date : 2012-02-22
This document describes a threat model for BGP path security
(BGPSEC). It assumes the context established by the SIDR WG charter,
as of April 19, 2011. The charter established two goals for the SIDR
work:
o Enabling an AS to verify the authorization of an origin AS to
originate a specified set of prefixes
o Enabling an AS to verify that the AS-PATH represented in a route
matches the path travelled by the NLRI for the route
The charter further mandates that SIDR build upon the Resource Public
Key Infrastructure (RPKI), the first product of the WG. Consistent
with the charter, this threat model includes an analysis of the RPKI,
and focuses on the ability of an AS to verify the authenticity of the
AS path info received in a BGP update.
The model assumes that BGP path security is achieved through the
application of digital signatures to AS_Path Info. The document
characterizes classes of potential adversaries that are considered to
be threats, and examines classes of attacks that might be launched
against BGPSEC. It concludes with brief discussion of residual
vulnerabilities.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-threats-02.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-threats-02.txt
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
