IETF Logo Mail Archive

Re: [sidr] Key learning procedures in BGPsec?

Eric Osterweil <eosterweil@verisign.com> Fri, 20 January 2012 03:39 UTC

Return-Path: <eosterweil@verisign.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0605521F85FD for <sidr@ietfa.amsl.com>; Thu, 19 Jan 2012 19:39:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.532
X-Spam-Level:
X-Spam-Status: No, score=-6.532 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aFVjfCiKP4LL for <sidr@ietfa.amsl.com>; Thu, 19 Jan 2012 19:39:36 -0800 (PST)
Received: from exprod6og115.obsmtp.com (exprod6og115.obsmtp.com [64.18.1.35]) by ietfa.amsl.com (Postfix) with ESMTP id C6A7D21F85BE for <sidr@ietf.org>; Thu, 19 Jan 2012 19:39:35 -0800 (PST)
Received: from osprey.verisign.com ([216.168.239.75]) (using TLSv1) by exprod6ob115.postini.com ([64.18.5.12]) with SMTP ID DSNKTxjh9eDPW4daxSJQSbVb70m8IQjB/y9a@postini.com; Thu, 19 Jan 2012 19:39:35 PST
Received: from dul1wnexcn03.vcorp.ad.vrsn.com (dul1wnexcn03.vcorp.ad.vrsn.com [10.170.12.113]) by osprey.verisign.com (8.13.6/8.13.4) with ESMTP id q0K3dWUr014736; Thu, 19 Jan 2012 22:39:32 -0500
Received: from dul1eosterwe-m1.vcorp.ad.vrsn.com ([10.100.1.67]) by dul1wnexcn03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 19 Jan 2012 22:39:32 -0500
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Eric Osterweil <eosterweil@verisign.com>
In-Reply-To: <p06240808cb3e3f6ac87a@[128.89.89.66]>
Date: Thu, 19 Jan 2012 22:39:32 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <8A9451E4-35C1-456B-960C-7FD150C0CF4C@verisign.com>
References: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com> <p06240806cb3cd066c995@[128.89.89.66]> <59DDDCF5-4FED-4B66-9739-59BAECD00027@verisign.com> <p06240808cb3e3f6ac87a@[128.89.89.66]>
To: Stephen Kent <kent@bbn.com>
X-Mailer: Apple Mail (2.1084)
X-OriginalArrivalTime: 20 Jan 2012 03:39:32.0677 (UTC) FILETIME=[1F5BBF50:01CCD725]
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2012 03:39:37 -0000

On Jan 19, 2012, at 5:18 PM, Stephen Kent wrote:

> At 3:07 PM -0500 1/19/12, Eric Osterweil wrote:
>> ...
>> 
>> Where "fairly large" could approximate a number that is on the order of the number of all BGPsec routers in the global routing system, right (~millions)?  I would imaging that keeping a coherent cache of these keys at every ISP would be a major concern, no?  That's potentially a huge challenge when you include churn, revocation, etc, right?
> 
> It's not clear how many different router certs we will see, but I agree that it may be substantial. it will likely be a mix of per-As and per-router certs, spread over all of the participating ASes.
> 
> Even if there are many fewer certs, inconsistent caches would pose a problem. Unless we're discussing an emergency rekey for a cert, the smart procedure is to post a new cert well before the old one expires, allowing RPs to retrieve the new one in plenty of time.

Yeah, I agree with your comment about getting keys out ahead of time.  However, with a corpus of keys that could well order in the millions, I would worry that the inherent churn and resource requirements are going to be well more than we are (or at least I was) expecting.

> There is not yet an operational guidance doc for router cert management, but
> I anticipate this sort of guidance will appear there.

Will it include some discussion about scaling?  I think this key-per-router idea could turn out to be Pandora's box.  While having a key or two per AS or per prefix may allow us to use elements of today's routing system to give us some idea about how churn and dynamics _may_ look, I'm kind of worried now that we haven't properly evaluated how enormous the resource dependencies will be with per-router-keys.  Are there any specific plans to write this up anywhere?

Eric

v2.23.0 | Report a Bug | By Email