BGP over TLS

• Previous message (by thread): BGP over TLS
• Next message (by thread): BGP over TLS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Once upon a time, Keith Medcalf <kmedcalf at dessus.com> said:
> I believe that an endpoint (lets call it Alice) can connect to another endpoint (lets call it Bob) and Alice can say to Bob, "Hello Dude, lets negotiate a secret key between us".  "Yokkely dokelly", says Bob, "Lets do that".  They then exchange some stuff to and fro and then Alice says "Righty then, lets encrypt!" and Bob says, "Yabba Doodle Doo".
> 
> At this point further communications are encrypted and secure against eavesdropping.  Alice still has no idea who she is talking to (other than it is the dude that picked up the phone), and Bob has no idea who he is talking too other than the fact it is whoever rang him up.

But if Alice and Bob don't know that they're talking to each other, they
could already be being eavesdropped on.  Chuck could have answered
Alice's call, turned around and called Bob, connected the two, and be
listening in (and potentially even modifying communications between
Alice and Bob).

This is why encryption without some type of endpoint authentication is
not secure.

I could see BGP over TLS requiring each end sharing a CA public cert in
advance - this would allow each end to re-gen keys at will.  The BGP
config could easily limit a particular peer to a particular CA (so when
I peer with Google, they send me or otherwise publish their BGP CA, and
I limit my Google peers to that CA).

This could replace trying to securely share MD5 keys today - a BGP CA
could be published (possibly even at RIRs).
-- 
Chris Adams <cma at cmadams.net>

• Previous message (by thread): BGP over TLS
• Next message (by thread): BGP over TLS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]