Re: RPKI for dummies

[John Kristoff <jtk () depaul edu>]

On Sun, 23 Aug 2020 12:40:19 +0000
Dovid Bender <dovid () telecurve com> wrote:

> Ok. So here is another n00b question. Why don't we have something
> where when we advertise IP space we also pass along a cert [...]

Take a look at:

  Stephen Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway
  protocol (S-BGP). IEEE Journal on Selected areas in Communications 18, 4 (2000),
  582–592.

and

  Russ White. 2003. Securing BGP: soBGP. Internet Protocol Journal 6, 3
  (Sept. 2003), 15–22.

Two precursors to the system we have today.  Both proposed some form of
including PKI-related matter in BGP messages.  Neither system gained
much actual traction outside of the design phase as far as I know.
Some might suggest that a lot of time was spent debating how to do it
with little actual progress or experimentation done.  The current
approach has echoes of those ideas with the obvious difference as you
imply, it is independent from BGP.  This poses some challenges to
providing a complete solution, but was probably necessary for deployment
and might prove useful if something other than wants to BGP uses it.

John