Re: [sidr] Key learning procedures in BGPsec?
Stephen Kent <kent@bbn.com> Thu, 02 February 2012 15:16 UTC
Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7E5B21F85A2 for <sidr@ietfa.amsl.com>; Thu, 2 Feb 2012 07:16:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.516
X-Spam-Level:
X-Spam-Status: No, score=-106.516 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C2C6EFsWMJtN for <sidr@ietfa.amsl.com>; Thu, 2 Feb 2012 07:16:06 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 426BE21F8598 for <sidr@ietf.org>; Thu, 2 Feb 2012 07:16:06 -0800 (PST)
Received: from dhcp89-089-190.bbn.com ([128.89.89.190]:49204) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1RsyOK-000FVM-Pq; Thu, 02 Feb 2012 10:16:04 -0500
Mime-Version: 1.0
Message-Id: <p06240814cb4cd1f900d6@[128.89.89.190]>
In-Reply-To: <CAH1iCiqGr8BJOk6nOpuTGTYNVJUwvXcdumTYbc=u1jBzyZQzmA@mail.gmail.com>
References: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com> <24B20D14B2CD29478C8D5D6E9CBB29F6074CA8@Hermes.columbia.ads.sparta.com> <A0B7EE2D-8E59-4DC8-9DC0-140E9574B479@verisign.com> <p06240804cb3caa4fd051@128.89.89.66> <CCE15AEB-D606-4A59-8118-BA5CD53413E8@verisign.com> <p06240807cb3e3e117777@128.89.89.66> <12C07EA1-EDC5-4F88-99F7-B57B9AF53C53@verisign.com> <p06240801cb43712287ed@10.243.32.68> <79053E60-25FE-4A84-9391-F451C8F0E720@verisign.com> <p06240818cb477d54edae@128.89.89.66> <CAH1iCiq04z2k+q2xBFGmnoRyuHmrE44_8cdgjTN4JVg6YwJALw@mail.gmail.com> <24B20D14B2CD29478C8D5D6E9CBB29F6077830@Hermes.columbia.ads.sparta.com> <CAH1iCip4qD4ePPEng7uNVjz9ebO1U5A4oN_Dd5YneELxTUWrVw@mail.gmail.com> <p06240810cb4cc0b0119f@128.89.89.190> <CAH1iCiqGr8BJOk6nOpuTGTYNVJUwvXcdumTYbc=u1jBzyZQzmA@mail.gmail.com>
Date: Thu, 02 Feb 2012 10:15:59 -0500
To: Brian Dickson <brian.peter.dickson@gmail.com>
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2012 15:16:07 -0000
Brian, I see that Richard already commented on part of your DH message, but to close the loop: - DH uses public keys. no need for quotes here, as they are completely analogous to public keys for other asymmetric algorithms. - what you described is ephemeral DH. it is one version of DH, and not the one originally envisioned by Whit and Marty when the invented this alg. (Their initial proposal called for long-lived DH keys, because they wanted to bind the public keys to people, for authentication.) - static DH keys are used in certs. one way to use TLS with DH is based on cert-based DH keys. SMIME supports static-static and static-ephemeral DH modes (RFC 2631), but there is no pure ephemeral mode for SMIME, for obvious reasons. so, in a number of IETF contexts, DH is not used in a purely ephemeral fashion. - not all PKIs use long-lived certs, c.f., RFC 3280 (proxy certs). I am familiar with at least one large PKI-based system where a cert is distributed to each user with a one-time-use limitation, as part of a secure provisioning scheme. so, even when a key is in a cert, that does not imply that it has a long lifetime. - in some PKI contexts, very few certs are published, e.g., the typical TLS context. Here the TAs (which need not be certs) are published via browser distribution, but server certs (and client certs, when employed) are pushed inline. The same can be true for SMIME certs used to verify sigs, i.e., they can be passed inline vs. published. so, I was not able to follow the proposal you outlined in your long message about using hash values and nonces distributed via DNSSEC. However, I would agree with Ross's comment, i.e. any secret value used in the computation of a hash chain is the moral equivalent of a private/secret key. Thus compromise of that per-router secret also will have adverse consequences. I also will note that non-repudiation is not the required security service in this context. One needs broadcast authentication, a service offered by digital signatures. The authentication is "broadcast" in that an AS does not know all of the other ASes that will have to verify a sig (of whatever form) on an update. Steve
- [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Murphy, Sandra
- Re: [sidr] Key learning procedures in BGPsec? Tim Bruijnzeels
- Re: [sidr] Key learning procedures in BGPsec? Sriram, Kotikalapudi
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Murphy, Sandra
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Eric Osterweil
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Brian Dickson
- Re: [sidr] Key learning procedures in BGPsec? Murphy, Sandra
- Re: [sidr] Key learning procedures in BGPsec? Brian Dickson
- Re: [sidr] Key learning procedures in BGPsec? Murphy, Sandra
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Brian Dickson
- Re: [sidr] Key learning procedures in BGPsec? Richard Barnes
- Re: [sidr] Key learning procedures in BGPsec? Brian Dickson
- Re: [sidr] Key learning procedures in BGPsec? Brian Dickson
- Re: [sidr] Key learning procedures in BGPsec? Ross.Anderson@cl.cam.ac.uk
- Re: [sidr] Key learning procedures in BGPsec? Richard Barnes
- [sidr] Key learning procedures in BGPsec? Ross Anderson
- Re: [sidr] Key learning procedures in BGPsec? Murphy, Sandra
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Brian Dickson
- Re: [sidr] Key learning procedures in BGPsec? Stephen Kent
- Re: [sidr] Key learning procedures in BGPsec? Murphy, Sandra
- Re: [sidr] Key learning procedures in BGPsec? Brian Dickson