Re: Autonomous System Sanity Protocol
William Allen Simpson <wsimpson@greendragon.com> Tue, 29 April 1997 20:05 UTC
Received: from cnri by ietf.org id aa11353; 29 Apr 97 16:05 EDT
Received: from murtoa.cs.mu.OZ.AU by CNRI.Reston.VA.US id aa18727; 29 Apr 97 16:05 EDT
Received: from mailing-list by murtoa.cs.mu.OZ.AU (8.6.9/1.0) id FAA14872; Wed, 30 Apr 1997 05:58:02 +1000
Received: from munnari.OZ.AU by murtoa.cs.mu.OZ.AU (8.6.9/1.0) with SMTP id FAA14820; Wed, 30 Apr 1997 05:50:29 +1000
Received: from merit.edu by munnari.OZ.AU with SMTP (5.83--+1.3.1+0.56) id TA22295; Wed, 30 Apr 1997 05:50:24 +1000 (from wsimpson@greendragon.com)
Received: from Bill.Simpson.DialUp.Mich.Net (pm047-10.dialip.mich.net [141.211.6.52]) by merit.edu (8.8.5/8.8.5) with SMTP id PAA07240 for <big-internet@munnari.OZ.AU>; Tue, 29 Apr 1997 15:50:18 -0400 (EDT)
Date: Tue, 29 Apr 1997 19:17:18 +0000
From: William Allen Simpson <wsimpson@greendragon.com>
Message-Id: <5760.wsimpson@greendragon.com>
To: big-internet@munnari.oz.au
Subject: Re: Autonomous System Sanity Protocol
Precedence: bulk
> From: Tony Li <tli@jnx.com> > Date: 26 Apr 1997 18:54:18 -0700 > Exactly so. What's truly needed is a delegation of authority to advertise > prefixes. We'd also need a means of verifying that authority. What Radia > describes is sufficient to guarantee that the path advertised matches > reality, which is necessary if we're out to secure the protocol against > liars and bad guys. > > However, if we assume that the basic protocol machinery is correct and are > out to protect us against ourselves, the delegation problem is the correct > one to solve. Note that any practical solution probably requires some type > of key management solution already deployed. One then needs to be able to > see a hierarchy of signed and trusted address space delegations. > I was with you right up to that last statement. I posit that in protecting against "liars and bad guys", we also protect "us against ourselves" by _ensuring_ that the basic machinery is correct. I see no use at all for "signed and trusted address space delegations." The delegation we need is from address space _TO_ AS (or router in the AS, or confederation, or abstraction area, or what-have-you). That is a delegation of "routing authority" rather than of prefix heirarchy. My thought is that the current DNS Security model does not do this cleanly, but I may be missing something. Simple Public Key Infrastructure (SPKI) has a delegation of authority model as its basis. How hard would it be to map SPKI or SDSI delegations of routing authority into DNS-Sec for the inverse address mapping? WSimpson@UMich.edu Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32 BSimpson@MorningStar.com Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2
- Re: Autonomous System Sanity Protocol Bill Manning
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Per Gregers Bilse
- Re: Autonomous System Sanity Protocol Pedro Marques
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Michael Dillon
- Re: Autonomous System Sanity Protocol RADIA PERLMAN
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Jeremy Porter
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Valdis.Kletnieks
- Re: Autonomous System Sanity Protocol Andrew Partan
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Jeff Young
- Re: Autonomous System Sanity Protocol Bill Manning
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Donald E. Eastlake 3rd
- Re: Autonomous System Sanity Protocol Jon Crowcroft
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Donald E. Eastlake 3rd
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Andrew Partan
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol William Allen Simpson
- Re: Autonomous System Sanity Protocol William Allen Simpson
- Re: Autonomous System Sanity Protocol Tim Bass
- Re: Autonomous System Sanity Protocol Jon Crowcroft