North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
- From: william(at)elan.net
- Date: Wed Nov 23 00:22:38 2005
On Tue, 22 Nov 2005, Bora Akyol wrote:
Furthermore, given that a trust algebra may yield a trust
value, rather than a simple 0/1, is it reasonable to use that
assessment as a BGP preference selector? That would tie the
security very deeply -- too deeply? -- into BGP's guts.
If you take the web of trust model,
I think a security value can be assigned to announced information based
on a couple variables:
1) Distance from an absolute trusted authority.
Who is your absolute trusted authority? May this role possibly be
filled by whoever allocates ip addresses to everyone?
Why am I suddenly feeling like some parts of the internet are "better"
then others (and that I'll even be able to tell which ones to some
absolute value)? I wonder how quickly this would lead to fragmentation
2) The feedback rating of the announcer (like Ebay ;-)
of the net....
3) A statically configured metric based on a field match with a set of
extracted fields from the ID presented by the announcer.
Did you mean to say a filter based announcer BGP communities?
Or a combination of both.
I think this was discussed in detail in the pre-formation stages of the
BGP Sec. Req. document.
And its not in the produced requirements document as far as I can see.
I also remember reading about a paper on a PGP like trust mesh with
Web of trust metrics for PGP have been discussed in several papers (don't
think it was ever for BGP). One of the problems is that it requires some
central server that has access to list to all relationships and is able to
quickly calculate trust metric from you to somebody else. Reliance on such
central service can be a bit of a problem i.e. a single central point for
attack, etc. (This is not say that RIR signed do not present some similar
issues as they would have to distribute revocation data, but those can go
as CRLs and at not necessarily queried for every path calculation like it
would be with central server).
variable trust values assigned based on distance etc, but I can't recall
You can also just distribute all the relationship certs but then amount
of data you have to distribute is going to be huge and each end-node
would have to calculate the metrics (which calculation is going to be on
the order of trying to use Dijkstra SPF with 50,000+ nodes in single OSPF
area - never tried anything close but I don't think such network would
converge quickly) where as single server can at least cache the previous
results although I think the problem would still be there (it can work at
least it appears to be possible with PGP).