nanog mailing list archives
RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
From: "Bora Akyol" <bora () broadcom com>
Date: Tue, 22 Nov 2005 16:06:33 -0800
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Steven M. Bellovin Sent: Tuesday, November 22, 2005 12:54 PM To: Randy Bush Cc: nanog () nanog org Subject: Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
<..>
Furthermore, given that a trust algebra may yield a trust value, rather than a simple 0/1, is it reasonable to use that assessment as a BGP preference selector? That would tie the security very deeply -- too deeply? -- into BGP's guts.
If you take the web of trust model, I think a security value can be assigned to announced information based on a couple variables: 1) Distance from an absolute trusted authority. 2) The feedback rating of the announcer (like Ebay ;-) 3) A statically configured metric based on a field match with a set of extracted fields from the ID presented by the announcer. Or a combination of both. I think this was discussed in detail in the pre-formation stages of the BGP Sec. Req. document. I also remember reading about a paper on a PGP like trust mesh with variable trust values assigned based on distance etc, but I can't recall the authors. All in all, this is not totally different from Viterbi decoding of digital signals in the presence of noise in the way the trust values would be constructed.
Current thread:
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security), (continued)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven J. Sobol (Nov 22)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 24)
- Re: BGP Security and PKI Hierarchies Valdis . Kletnieks (Nov 25)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 26)
- Re: BGP Security and PKI Hierarchies Michael . Dillon (Nov 25)
- Re: BGP Security and PKI Hierarchies Florian Weimer (Nov 25)
- RE: BGP Security and PKI Hierarchies Matthew Kaufman (Nov 25)
- RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security) william(at)elan.net (Nov 22)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) william(at)elan.net (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Steven M. Bellovin (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) Randy Bush (Nov 23)
- Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) George Michaelson (Nov 23)