IETF Logo Mail Archive

Re: [sidr] Key learning procedures in BGPsec?

"Murphy, Sandra" <Sandra.Murphy@sparta.com> Thu, 02 February 2012 20:11 UTC

Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5BD721F867F for <sidr@ietfa.amsl.com>; Thu, 2 Feb 2012 12:11:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.45
X-Spam-Level:
X-Spam-Status: No, score=-102.45 tagged_above=-999 required=5 tests=[AWL=0.149, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CuxM7YqvlKtm for <sidr@ietfa.amsl.com>; Thu, 2 Feb 2012 12:11:37 -0800 (PST)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 20E5C21F867E for <sidr@ietf.org>; Thu, 2 Feb 2012 12:11:37 -0800 (PST)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q12KBQ9P001001; Thu, 2 Feb 2012 14:11:27 -0600
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q12KBQOG029781; Thu, 2 Feb 2012 14:11:26 -0600
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Thu, 2 Feb 2012 15:11:26 -0500
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>, Stephen Kent <kent@bbn.com>
Thread-Topic: [sidr] Key learning procedures in BGPsec?
Thread-Index: AQHM4dp7uc3Eip6I+kepCBOaAHZARZYp+ctI
Date: Thu, 02 Feb 2012 20:11:25 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F6084028@Hermes.columbia.ads.sparta.com>
References: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com> <24B20D14B2CD29478C8D5D6E9CBB29F6074CA8@Hermes.columbia.ads.sparta.com> <A0B7EE2D-8E59-4DC8-9DC0-140E9574B479@verisign.com> <p06240804cb3caa4fd051@128.89.89.66> <CCE15AEB-D606-4A59-8118-BA5CD53413E8@verisign.com> <p06240807cb3e3e117777@128.89.89.66> <12C07EA1-EDC5-4F88-99F7-B57B9AF53C53@verisign.com> <p06240801cb43712287ed@10.243.32.68> <79053E60-25FE-4A84-9391-F451C8F0E720@verisign.com> <p06240818cb477d54edae@128.89.89.66> <CAH1iCiq04z2k+q2xBFGmnoRyuHmrE44_8cdgjTN4JVg6YwJALw@mail.gmail.com> <24B20D14B2CD29478C8D5D6E9CBB29F6077830@Hermes.columbia.ads.sparta.com> <CAH1iCip4qD4ePPEng7uNVjz9ebO1U5A4oN_Dd5YneELxTUWrVw@mail.gmail.com> <p06240810cb4cc0b0119f@128.89.89.190> <CAH1iCiqGr8BJOk6nOpuTGTYNVJUwvXcdumTYbc=u1jBzyZQzmA@mail.gmail.com> <p06240814cb4cd1f900d6@128.89.89.190>, <CAH1iCioVEWkYs+5UZX5ihiSsmoa=vaQAuhhKj8n+kUnubjxi7Q@mail.gmail.com>
In-Reply-To: <CAH1iCioVEWkYs+5UZX5ihiSsmoa=vaQAuhhKj8n+kUnubjxi7Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.185.63.137]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2012 20:11:37 -0000

As regular ol' member:

On Thursday, February 02, 2012, Brian Dickson said:

Comments on two of your statements.

>The _only_ information is an _encoding_ of which AS neighbors A has,
>under a zone controlled by A exclusively.
...
>What is published is per-AS feasible-neighbor-AS information.
>
>It does not stop literal forging of AS paths or their signatures.

This model of security is not what the wg charter calls for.  And it would not meet the requirements in the requirements document.

I personally would expect objections to a security solution that claimed it would not stop forging of AS_PATHs.  

>(Contrast this with the risk of exposed on-router private keys, where
>literally _any_ AS-path could be forged via the AS of that router,
>off-axis.)

I believe you are wrong here.

The holder of the private key for an AS can not produce the signatures for the ASs that precede it in the AS_PATH, nor the signatures for the ASs that follow it in the AS_PATH.

By example:  consider an AS_PATH A-B-C-D-E

The holder of the private key for C cannot produce the signature attributes produced by A, B, D, or E.

It can produce an update and a new signature for A-B-C, but *only* if it has a valid bgpsec update that
A sent to B and B sent to C.  It can not produce the signatures that D and E would add.

(Each bgpsec signature protects all previous signatures.)

It is not true that "literally _any_ AS-path could be forged via the AS of that router, off-axis"


--Sandy, speaking as regular ol' member

v2.23.0 | Report a Bug | By Email