BGP Security and PKI Hierarchies (was: Re: Wifi Security)
Steven M. Bellovin
smb at cs.columbia.edu
Thu Nov 24 03:19:37 UTC 2005
In message <20051124120010.2c2aed2a at garlic.apnic.net>, George Michaelson writes
:
>
>On Wed, 23 Nov 2005 17:54:44 -0800 (PST)
>"william(at)elan.net" <william at elan.net> wrote:
>
>>
>>
>> On Thu, 24 Nov 2005, George Michaelson wrote:
>>
>> > According to what I understand, there have to be two certificates
>> > per entity:
>> >
>> > one is the CA-bit enabled certificate, used to sign
>> > subsidiary certificates about resources being given to other people
>> > to use.
>> >
>> > the other is a self-signed NON-CA certificate, used to sign
>> > route assertions you are attesting to yourself: you make
>> > this cert using the CA cert you get from your logical parent.
>>
>> So how is the 2nd one different from the first?
>
>the important distinction is that the certificate used to sign resource
>assertions doesn't have the CA bit set.
>
More generally.... To a 0th and even a 1st approximation, a
certificate is just a binding of a public key to an identity. But
there's far more complexity, much of it actually necessary, to real
X.509 certificates, or the PKIX working group wouldn't have churned
out 32 RFCs...
One thing important here is the usage fields. For example, I just went
to https://www.microsoft.com and looked at its cert. Under "Certificate
Key Usage", it says "Signing" and "Key Encipherment". There's another
field, "Extended Key Usage", that Firefox can't decode. There are
other certificates, issued by Microsoft, that are identified as
code-signing certificates.
Here, we need several forms. One is just for communicating with the
RIR(s); that's a pretty ordinary identity cert. We need an AS cert (at
least for some proposals); that coudl be an identity cert, but with a name
of a special form. We need prefix ownership certs; these need a special
field identifying the prefix owned. (See RFC 3779, which also
describes AS certificates). We need the latter in CA form, for
delegation. There are probably a few more, depending on just how we
decide to secure BGP.
The purpose of all of these distinctions is to permit control over how
certificates are used, without relying on special-format names.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG
mailing list