nanog mailing list archives

Re: Routing Insecurity (Re: BGP in the Washington Post)


From: Randy Bush <randy () psg com>
Date: Wed, 10 Jun 2015 06:31:07 -0700

rtfm.  bgpsec key aggregation is at the discretion of the operator.
they could use one key to cover 42 ASs.

I've been reading the presentations and the mailing lists, both of
which imply you should use one key per router for security reasons.
I would tend to agree with that assessment, BTW.

folk have different threat models.  yours (and mine) may be
propagation of router compromise.  for others, it might be a subtle
increase in disclosure of router links.  contrary to your original
assertion, the protocol supports both.

randy

