nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

From: "Bora Akyol" <bora () broadcom com>
Date: Tue, 22 Nov 2005 16:06:33 -0800

 


-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On 
Behalf Of Steven M. Bellovin
Sent: Tuesday, November 22, 2005 12:54 PM
To: Randy Bush
Cc: nanog () nanog org
Subject: Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)



<..>


Furthermore, given that a trust algebra may yield a trust 
value, rather than a simple 0/1, is it reasonable to use that 
assessment as a BGP preference selector?  That would tie the 
security very deeply -- too deeply? -- into BGP's guts.


If you take the web of trust model,
I think a security value can be assigned to announced information based
on
a couple variables:

1) Distance from an absolute trusted authority.
2) The feedback rating of the announcer (like Ebay ;-)
3) A statically configured metric based on a field match with a set of
extracted
fields from the ID presented by the announcer.

Or a combination of both.

I think this was discussed in detail in the pre-formation stages of the
BGP Sec. Req.
document.

I also remember reading about a paper on a PGP like trust mesh with
variable trust values assigned 
based on distance etc, but I can't recall the authors.

All in all, this is not totally different from Viterbi decoding of
digital signals in the presence of noise in the way the trust values
would be constructed.
Previous By Date Next
Previous By Thread Next

Current thread: