Re: Autonomous System Sanity Protocol
Tony Li <tli@jnx.com> Sun, 27 April 1997 02:05 UTC
Received: from cnri by ietf.org id aa03875; 26 Apr 97 22:05 EDT
Received: from murtoa.cs.mu.OZ.AU by CNRI.Reston.VA.US id aa18433; 26 Apr 97 22:05 EDT
Received: from mailing-list by murtoa.cs.mu.OZ.AU (8.6.9/1.0) id LAA10277; Sun, 27 Apr 1997 11:57:53 +1000
Received: from munnari.OZ.AU by murtoa.cs.mu.OZ.AU (8.6.9/1.0) with SMTP id LAA10248; Sun, 27 Apr 1997 11:54:35 +1000
Received: from red.jnx.com by munnari.OZ.AU with SMTP (5.83--+1.3.1+0.56) id BA13086; Sun, 27 Apr 1997 11:54:33 +1000 (from tli@jnx.com)
Received: from chimp.jnx.com (chimp.jnx.com [208.197.169.6]) by red.jnx.com (8.8.5/8.8.5) with ESMTP id SAA04667; Sat, 26 Apr 1997 18:54:31 -0700 (PDT)
Received: (from tli@localhost) by chimp.jnx.com (8.7.6/8.7.3) id SAA00750; Sat, 26 Apr 1997 18:54:19 -0700 (PDT)
To: RADIA PERLMAN <RADIA_PERLMAN@novell.com>
Cc: big-internet@munnari.oz.au
Subject: Re: Autonomous System Sanity Protocol
References: <s36208f0.063@novell.com>
From: Tony Li <tli@jnx.com>
Date: Sat, 26 Apr 1997 18:54:18 -0700
In-Reply-To: RADIA_PERLMAN@novell.com's message of 26 Apr 97 17:52:53 GMT
Message-Id: <82u3kt6xit.fsf@chimp.jnx.com>
Lines: 23
X-Mailer: Gnus v5.3/Emacs 19.34
Precedence: bulk
RADIA_PERLMAN@novell.com (RADIA PERLMAN) writes: > BGP is actually somewhat like a link state protocol, in that the entire > path is given. If each router signs its path to D, then when router R > chooses among the routes given by each of its neighbors, it chooses one, > and can preserve that neighbor's signature, and then add its own. So > there would be a signature for each BGP-hop. I don't think that solves > too much, though, since the problem is a legitimate router being > misconfigured rather than having malicious people inject messages. Exactly so. What's truly needed is a delegation of authority to advertise prefixes. We'd also need a means of verifying that authority. What Radia describes is sufficient to guarantee that the path advertised matches reality, which is necessary if we're out to secure the protocol against liars and bad guys. However, if we assume that the basic protocol machinery is correct and are out to protect us against ourselves, the delegation problem is the correct one to solve. Note that any practical solution probably requires some type of key management solution already deployed. One then needs to be able to see a hierarchy of signed and trusted address space delegations. Tony
- Re: Autonomous System Sanity Protocol Bill Manning
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Per Gregers Bilse
- Re: Autonomous System Sanity Protocol Pedro Marques
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Michael Dillon
- Re: Autonomous System Sanity Protocol RADIA PERLMAN
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Jeremy Porter
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Valdis.Kletnieks
- Re: Autonomous System Sanity Protocol Andrew Partan
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Jeff Young
- Re: Autonomous System Sanity Protocol Bill Manning
- Re: Autonomous System Sanity Protocol Tony Li
- Re: Autonomous System Sanity Protocol Donald E. Eastlake 3rd
- Re: Autonomous System Sanity Protocol Jon Crowcroft
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Donald E. Eastlake 3rd
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol Andrew Partan
- Re: Autonomous System Sanity Protocol Noel Chiappa
- Re: Autonomous System Sanity Protocol William Allen Simpson
- Re: Autonomous System Sanity Protocol William Allen Simpson
- Re: Autonomous System Sanity Protocol Tim Bass
- Re: Autonomous System Sanity Protocol Jon Crowcroft