IETF Logo Mail Archive

Re: [sidr] Key learning procedures in BGPsec?

Stephen Kent <kent@bbn.com> Tue, 24 January 2012 00:06 UTC

Return-Path: <kent@bbn.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD29B21F86BB for <sidr@ietfa.amsl.com>; Mon, 23 Jan 2012 16:06:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.438
X-Spam-Level:
X-Spam-Status: No, score=-105.438 tagged_above=-999 required=5 tests=[AWL=-0.372, BAYES_05=-1.11, DATE_IN_PAST_03_06=0.044, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nS-LtJr4A2wO for <sidr@ietfa.amsl.com>; Mon, 23 Jan 2012 16:06:14 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 095D821F86AA for <sidr@ietf.org>; Mon, 23 Jan 2012 16:06:14 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15]:46528 helo=[172.20.8.192]) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1RpTts-000Fvc-HR; Mon, 23 Jan 2012 19:06:12 -0500
Mime-Version: 1.0
Message-Id: <p06240801cb43712287ed@[10.243.32.68]>
In-Reply-To: <12C07EA1-EDC5-4F88-99F7-B57B9AF53C53@verisign.com>
References: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com> <24B20D14B2CD29478C8D5D6E9CBB29F6074CA8@Hermes.columbia.ads.sparta.com> <A0B7EE2D-8E59-4DC8-9DC0-140E9574B479@verisign.com> <p06240804cb3caa4fd051@[128.89.89.66]> <CCE15AEB-D606-4A59-8118-BA5CD53413E8@verisign.com> <p06240807cb3e3e117777@[128.89.89.66]> <12C07EA1-EDC5-4F88-99F7-B57B9AF53C53@verisign.com>
Date: Mon, 23 Jan 2012 15:28:37 -0500
To: Eric Osterweil <eosterweil@verisign.com>
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jan 2012 00:06:14 -0000

At 10:38 PM -0500 1/19/12, Eric Osterweil wrote:
>
>  > This is a local matter, so each ISP can decide what approach they 
>wish to adopt. I personally prefer installing the cert for the CA.
>
>Yeah, I see.  I agree that it should be a local policy decision, but 
>then how does this avoid my initial concern about relying on crypto 
>material that has been dispatched through customs (or some other 
>suspect medium), where key material could be intercepted and 
>extracted?

The focus of BGPSEC is improving inter-AS routing security. The 
operator of any AS may not do a great job of securing the keys 
associated with some or all of its routers. Other ASes will not, in 
general, be able to evaluate the operational security of an AS. 
BGPSEC tries to limit the extent to which an AS  can lie about routes 
that it propagates. Local (within an AS) security errors or poor 
practices do not undermine this security feature.

>Also, is it safe to assume that you would need the CA(s) to restrict 
>access to just your own routers (so that unknown routers/certs 
>cannot issue KGReqs that result in KGReses)?

A CA issuing certs to routers in an AS must have a way to verify that 
a cert request is form a legitimate source. There are various ways 
this can be done and, ultimately, this too is a local matter.

>  > When key escrow has been required, it has usually been mandated 
>for keys used for encryption, not for integrity or authentication. 
>Since we're discussing integrity & authentication here, it is not 
>clear that there are any applicable key escrow regulations.
>
>Sorry if I'm confused, but in the diagrams in 1.2.1 and 1.2.2, don't 
>the curly braces denote encrypted material?  I thought the responses 
>in the key exchanges where necessarily encrypted in this protocol? 
>Otherwise, the new private key is sent in the clear.  I fully accept 
>the possibility that I'm confused here, but if the material is 
>encrypted and needs to be decrypted, would the corresponding keys be 
>subject to escrow policies?

Typically no, because the use of the key being issued is for signing.

>  > Also, the IETF general policy has been to ignore any 
>nation-specific crypto regulations when  developing standards.
>
>I see, I guess I had thought we should be worried about the eventual 
>operational issues that might arise.  I didn't know this was taboo, 
>but shouldn't we find a way to address these concerns in order to 
>help ensure the design's operational relevance when it's finished? 
>I'm just bringing this up in the sprit of making this design more 
>relevant, not because I think there should be some official linkage 
>to escrow policies or anything.

In general it is appropriate to worry about operational issues. But, 
I'd suggest that key escrow is not within scope, based on previous 
IETF experience in related areas.

Steve

v2.23.0 | Report a Bug | By Email