North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: soBGP deployment

  • From: Tony Li
  • Date: Tue May 24 01:27:15 2005

> -- You must not rely on routing to secure routing.

I would like to point out that this goal is unnecesary.

First, we need to understand that for ANY solution to be deployable, it
must be incrementally deployable.  We do not get an Internet-wide flag
day for BGP.  The Internet must continue to function, regardless of the
percentage of NLRI that are actually authenticated.  For the forseeable
future, we will need to have a path selection policy that rejects any
information that clearly fails authentication, continues to use
unauthenticated prefixes, and prefers authenticated vs. unauthenticated.

Second, validating a certificate must be doable even if the router is
using unauthenticated prefixes to do so.  Remember that the crypto
properties of a certificate must make it unforgeable, and that routers
must have at least one reference point in the web of trust.  If the
route to the root of that web is spoofed, then the crypto will not be
able to validate any other certificates in the web, but this is NOT an
authentication failure -- the related NLRI are just unauthenticated, not

Obviously, authenticating the root certificate NLRI are our top
priority, but the system MUST continue to operate even without this.
This is the only way to truly address the chicken and egg problem.  I
think that this also highlights the need for multiple, diversely routed
certificate authorities.