IETF Logo Mail Archive

Re: [sidr] Key learning procedures in BGPsec?

Eric Osterweil <eosterweil@verisign.com> Wed, 18 January 2012 15:26 UTC

Return-Path: <eosterweil@verisign.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF0D921F86D9 for <sidr@ietfa.amsl.com>; Wed, 18 Jan 2012 07:26:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.524
X-Spam-Level:
X-Spam-Status: No, score=-6.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MIvqjx09ImiP for <sidr@ietfa.amsl.com>; Wed, 18 Jan 2012 07:26:53 -0800 (PST)
Received: from exprod6og112.obsmtp.com (exprod6og112.obsmtp.com [64.18.1.29]) by ietfa.amsl.com (Postfix) with ESMTP id DE9DA21F86D6 for <sidr@ietf.org>; Wed, 18 Jan 2012 07:26:52 -0800 (PST)
Received: from osprey.verisign.com ([216.168.239.75]) (using TLSv1) by exprod6ob112.postini.com ([64.18.5.12]) with SMTP ID DSNKTxbkuneIeuwdGVwIszlX8lu2L+qn0XwN@postini.com; Wed, 18 Jan 2012 07:26:52 PST
Received: from dul1wnexcn01.vcorp.ad.vrsn.com (dul1wnexcn01.vcorp.ad.vrsn.com [10.170.12.138]) by osprey.verisign.com (8.13.6/8.13.4) with ESMTP id q0IFQmG2011875; Wed, 18 Jan 2012 10:26:48 -0500
Received: from dul1eosterwe-m1.vcorp.ad.vrsn.com ([10.88.30.33]) by dul1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 18 Jan 2012 10:26:47 -0500
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Eric Osterweil <eosterweil@verisign.com>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930905C5E593@MBCLUSTER.xchange.nist.gov>
Date: Wed, 18 Jan 2012 10:26:47 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <2B973EA6-0652-4BD3-9C46-AC9837EA5EB6@verisign.com>
References: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com> <D7A0423E5E193F40BE6E94126930C4930905C5E593@MBCLUSTER.xchange.nist.gov>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
X-Mailer: Apple Mail (2.1084)
X-OriginalArrivalTime: 18 Jan 2012 15:26:47.0480 (UTC) FILETIME=[97A55380:01CCD5F5]
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2012 15:26:53 -0000

Hey Sriram,

On Jan 18, 2012, at 8:42 AM, Sriram, Kotikalapudi wrote:

>> For that matter, what do people think about the issue that a private key 
>> could simply be covertly extracted from an AS' routers that are deployed 
>> in far off lands?  Wouldn't this kind of compromise be a terrifying security 
>> threat to most ISPs?  
> 
> Eric,
> 
> We (BGPSEC document authors) had considered this problem.
> It is mitigated by having 'Key per Router' as discussed in:
> http://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-01#section-4.5
> 
> 4.5.   Key Per Router (Rouge Router Problem)
> 
> 4.5.1.  Decision
> 
>   Within each AS, each individual BGPSEC router can have a unique pair
>   of private and public keys.
> 
> 4.5.2.  Discussion
> 
>   If a router is compromised, its key pair can be revoked
>   independently, without disrupting the other routers in the AS.  Each
>   per-router key-pair will be represented in an end-entity certificate
>   issued under the CA cert of the AS.  The Subject Key Identifier (SKI)
>   in the signature points to the router certificate (and thus the
>   unique public key) of the router that affixed its signature, so that
>   a validating router can reliably identify the public key to use for
>   signature verification.

Indeed, I knew about this (and even remember a NANOG discussion about it in Denver, I think).  I mentioned one of my concerns surrounding this in an email, just moments ago: 
1 - I think this could lead to quite a lot of state that consuming routers need, in order to verify any possible updates received from an AS.  In the previous email, I gave a more detailed response.
- but also -
2 - If there is such a compromise, how is it addressed?  In order to get a new key in there, does someone need to send a whole new router to replace the old one?  Do we envision putting sensitive private key info on some kind of electronic media and sending it via FedEx, etc?
3 - If new key material is to be shipped in to the same location that the last one was compromised in (in a new router, on a CD, or whatever) aren't we just putting the new key signing materials in the same not-so-secure-environment, and should we give some thought to how easy it might be to extract this information from a router?

> 
> Sriram
> 
> P.S. In case you had not seen the cited document
> (draft-sriram-bgpsec-design-choices) before,
> it is a design rationale discussion document and is a companion to
> draft-lepinski-bgpsec-protocol-00.txt (our initial individual draft submission).

Yeah, I did see this.  I guess I was hoping that there was some kind of discussion text, intuition, or an explanation of the intricacies that are inherent to this proposition (re: the comments I made above and in the last few emails).  THanks for the pointer though.  I'll re-read this draft's diffs (as I see it's been updated since Taipei), thanks! :)

Eric

v2.23.0 | Report a Bug | By Email