BGP Security and PKI Hierarchies (was: Re: Wifi Security)

william(at)elan.net william at elan.net
Wed Nov 23 05:21:13 UTC 2005



On Tue, 22 Nov 2005, Bora Akyol wrote:

>> Furthermore, given that a trust algebra may yield a trust
>> value, rather than a simple 0/1, is it reasonable to use that
>> assessment as a BGP preference selector?  That would tie the
>> security very deeply -- too deeply? -- into BGP's guts.
>
> If you take the web of trust model,
> I think a security value can be assigned to announced information based
> on a couple variables:
>
> 1) Distance from an absolute trusted authority.

Who is your absolute trusted authority? May this role possibly be
filled by whoever allocates ip addresses to everyone?

> 2) The feedback rating of the announcer (like Ebay ;-)

Why am I suddenly feeling like some parts of the internet are "better" 
than others (and that I'll even be able to tell which ones to some 
absolute value)? I wonder how quickly this would lead to fragmentation
of the net....

> 3) A statically configured metric based on a field match with a set of
> extracted fields from the ID presented by the announcer.

Did you mean to say a filter based on announcer BGP communities?

> Or a combination of both.
>
> I think this was discussed in detail in the pre-formation stages of the
> BGP Sec. Req. document.

And it's not in the produced requirements document as far as I can see.

> I also remember reading about a paper on a PGP like trust mesh with
> variable trust values assigned based on distance etc, but I can't recall 
> the authors.

Web of trust metrics for PGP have been discussed in several papers (don't 
think it was ever for BGP). One of the problems is that it requires some 
central server that has access to a list of all relationships and is able to 
quickly calculate the trust metric from you to somebody else. Reliance on such 
a central service can be a bit of a problem, i.e. a single central point for 
attack, etc. (This is not to say that RIR-signed certs do not present some similar 
issues, as they would have to distribute revocation data, but those can go 
out as CRLs and are not necessarily queried for every path calculation like it 
would be with a central server.)

You can also just distribute all the relationship certs, but then the amount
of data you have to distribute is going to be huge and each end-node
would have to calculate the metrics (a calculation that is going to be on
the order of trying to use Dijkstra SPF with 50,000+ nodes in a single OSPF 
area - never tried anything close, but I don't think such a network would 
converge quickly), whereas a single server can at least cache the previous 
results, although I think the problem would still be there (it can work; at 
least it appears to be possible with PGP).

-- 
William Leibzon
Elan Networks
william at elan.net
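As an added illustration (not code from this thread or from any BGP implementation), here is a small model of item 1 above: a trust value that decays with distance from a root authority, computed with the Dijkstra-style pass William compares it to, over a constructed graph of signed "I vouch for X" relationships. The node names, edge weights and the preference mapping are all hypothetical; the point is that whoever computes this must hold the whole relationship graph, which is the centralisation cost the reply describes.

```python
import heapq
from math import log

# Constructed web of trust: signer -> {signee: trust placed in signee, in (0, 1]}.
# Names are hypothetical placeholders, not real RIRs, LIRs or AS numbers.
TRUST_EDGES = {
    "RIR":   {"LIR-A": 1.0, "LIR-B": 0.9},
    "LIR-A": {"AS-1": 0.9, "AS-2": 0.8},
    "LIR-B": {"AS-2": 0.95, "AS-3": 0.7},
    "AS-2":  {"AS-4": 0.9},
    "AS-3":  {"AS-4": 0.6, "AS-5": 0.5},
}


def trust_from(root, edges):
    """Best-path trust from `root` to every reachable node.

    Trust along a path is the product of the edge weights, so it decays with
    distance from the root. Maximising a product is the same as running
    Dijkstra on edge costs -log(w), i.e. an SPF over the entire relationship
    graph: every signed relationship must be available to the node doing it.
    """
    best = {root: 1.0}
    heap = [(0.0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > -log(best[node]):   # stale heap entry, a better path was found
            continue
        for nxt, w in edges.get(node, {}).items():
            cand = best[node] * w
            if cand > best.get(nxt, 0.0):
                best[nxt] = cand
                heapq.heappush(heap, (-log(cand), nxt))
    return best


def preference(origin, trust, threshold=0.5):
    """Hypothetical preference selector: map trust to a 0..100 score.

    Returns None (reject) for an origin that is unknown to the graph or whose
    best-path trust falls below the threshold; otherwise a local-pref-like
    value that a policy could feed into route selection.
    """
    t = trust.get(origin, 0.0)
    return None if t < threshold else round(100 * t)


if __name__ == "__main__":
    scores = trust_from("RIR", TRUST_EDGES)
    for origin in ("AS-1", "AS-2", "AS-4", "AS-5", "AS-9"):
        print(origin, scores.get(origin), preference(origin, scores))
```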
