nanog mailing list archives
Re: soBGP deployment
From: "william(at)elan.net" <william () elan net>
Date: Mon, 23 May 2005 10:37:52 -0700 (PDT)
On Mon, 23 May 2005, Edward Lewis wrote:
1) Keep the security ancillary data nearby. You might need it when the source of the data is unreachable (perhaps because of an incident like a flood).
That is why in my view soBGP is something that can only be deployed as an after-filter (i.e. ones full BGP mesh is in for decisions about if the routing data is to be passed along to other peers or to IGP).
2) Appending signatures is dicey. It has to be all public key and there's never a guarantee that the latest signer hasn't stripped out previous entries. (That could make a longer path seem shorter in order to redirect traffic.)IMHO - the inherent problem is that a router is trying to work inside the plane of activity (meaning it can only talk to it's nearest neighbors), but it takes the view point of something with ubiquitous knowledge to know if every thing is cool. How can you do this without a trusted third party involved somewhere, in a way that is not obtrusive (whether at registration time or at run time)?
You do need "trusted third party" to act as PKI root signer. We're lucky because unlike other places, we do have hierarchy with ip addresses and ASNs and NIR is the "root" organization. -- William Leibzon Elan Networks william () elan net
Current thread:
- Re: soBGP deployment, (continued)
- Re: soBGP deployment Randy Bush (May 23)
- Re: soBGP deployment Tony Li (May 23)
- Re: soBGP deployment Randy Bush (May 24)
- Re: soBGP deployment Russ White (May 24)
- Re: soBGP deployment Randy Bush (May 24)
- Re: soBGP deployment Michael . Dillon (May 23)
- Re: soBGP deployment Russ White (May 23)
- Re: soBGP deployment Russ White (May 23)
- Re: soBGP deployment Edward Lewis (May 23)
- Re: soBGP deployment Michael . Dillon (May 23)
- Re: soBGP deployment william(at)elan.net (May 23)
- Re: soBGP deployment bmanning (May 23)
- Re: soBGP deployment Daniel Golding (May 23)
- Re: soBGP deployment Jeroen Massar (May 23)
- Re: soBGP deployment bmanning (May 23)
- Re: soBGP deployment Edward Lewis (May 23)
- Re: soBGP deployment Daniel Golding (May 23)
- Re: soBGP deployment Valdis . Kletnieks (May 23)
- Re: soBGP deployment Brad Knowles (May 23)
- Message not available
- Re: soBGP deployment Suresh Ramasubramanian (May 23)
- Re: soBGP deployment Michael . Dillon (May 24)