IETF Logo Mail Archive

Re: [sidr] Key learning procedures in BGPsec?

"Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov> Wed, 18 January 2012 13:48 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AE7021F87E0 for <sidr@ietfa.amsl.com>; Wed, 18 Jan 2012 05:48:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XP1VJggAXL-B for <sidr@ietfa.amsl.com>; Wed, 18 Jan 2012 05:48:58 -0800 (PST)
Received: from wsget1.nist.gov (wsget1.nist.gov [129.6.13.150]) by ietfa.amsl.com (Postfix) with ESMTP id 4C50121F86DE for <sidr@ietf.org>; Wed, 18 Jan 2012 05:48:57 -0800 (PST)
Received: from WSXGHUB2.xchange.nist.gov (129.6.18.19) by wsget1.nist.gov (129.6.13.150) with Microsoft SMTP Server (TLS) id 14.1.355.2; Wed, 18 Jan 2012 08:48:52 -0500
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB2.xchange.nist.gov ([129.6.18.19]) with mapi; Wed, 18 Jan 2012 08:46:45 -0500
From: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>
To: Eric Osterweil <eosterweil@verisign.com>, "sidr@ietf.org list" <sidr@ietf.org>
Date: Wed, 18 Jan 2012 08:42:38 -0500
Thread-Topic: [sidr] Key learning procedures in BGPsec?
Thread-Index: AczVcNRPW24BV+twTmSKB+xyWa/SBgAdjcZr
Message-ID: <D7A0423E5E193F40BE6E94126930C4930905C5E593@MBCLUSTER.xchange.nist.gov>
References: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com>
In-Reply-To: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Subject: Re: [sidr] Key learning procedures in BGPsec?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jan 2012 13:48:59 -0000

>For that matter, what do people think about the issue that a private key 
>could simply be covertly extracted from an AS' routers that are deployed 
>in far off lands?  Wouldn't this kind of compromise be a terrifying security 
>threat to most ISPs?  

Eric,

We (BGPSEC document authors) had considered this problem.
It is mitigated by having 'Key per Router' as discussed in:
http://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-01#section-4.5

4.5.   Key Per Router (Rouge Router Problem)

4.5.1.  Decision

   Within each AS, each individual BGPSEC router can have a unique pair
   of private and public keys.

4.5.2.  Discussion

   If a router is compromised, its key pair can be revoked
   independently, without disrupting the other routers in the AS.  Each
   per-router key-pair will be represented in an end-entity certificate
   issued under the CA cert of the AS.  The Subject Key Identifier (SKI)
   in the signature points to the router certificate (and thus the
   unique public key) of the router that affixed its signature, so that
   a validating router can reliably identify the public key to use for
   signature verification.

Sriram

P.S. In case you had not seen the cited document
(draft-sriram-bgpsec-design-choices) before,
it is a design rationale discussion document and is a companion to
draft-lepinski-bgpsec-protocol-00.txt (our initial individual draft submission).

v2.23.0 | Report a Bug | By Email