BGP certificate insanity was: (DHS insanity - offtopic)

michael.dillon at bt.com
Tue Apr 24 10:51:04 UTC 2007


> How can anybody be sure that the random peering tech they are talking
> to really works for the organisation listed in the whois record? By
> visual inspection of the e-mail address?

Do people really talk to random peering techs? I thought that peering
contacts were all set up via face-to-face meetings. In any case, if it
is email authentication that you are after, putting certificates in your
router will not help you.

Also, normal business practices can be very useful to establish the
identity of people. For instance, call the company where said peering
tech works, and ask for their extension. If you can't reach them by
phone, then tell them that you need to discuss the matter with their
boss. Everybody has a boss and should be willing to identify the boss by
name. Then phone the company and ask for the boss by name. If there is
still no luck, then you know that your leg is being pulled.

> A faxed LOA on company letterhead?

A lot of people do require LOAs on company letterhead to begin peering
but I'm not sure faxed documents are good enough. In addition, a lot of
companies define the contact points in the peering agreements so you
know who is who at the other side and how to reach them (direct dial
phone numbers). There is also INOC-DBA where somebody else has done some
level of authentication of people at your peers.

In other words, there are lots of reasonable ways to solve this problem
without having to put the complexity and load of crypto on your routers.

The advantage of applying reasonable processes to the problem is that
any reasonably intelligent person in your business can verify that the
process works. Once you go to crypto, it all becomes a mysterious
blackbox that nobody in your company can verify. You just have to trust
it all because somebody, somewhere, says that it should be trusted.
There just isn't enough security expertise to go around for every
company to examine the whole thing to be sure that it really is as
secure as it claims to be. There is a long history of crypto technology
being applied to problems and then being discovered to be faulty in some
way. Trust was misplaced. People trusted untrustworthy systems just
because they had the magic air of crypto about them.

Quite frankly, the Internet is too important to trust critical
infrastructure to magic crypto systems. There are other, better ways to
solve these problems, that do not introduce single points of failure
into the system. 

--Michael Dillon

P.S. when I said "system" above, I was using the term in the sense that
C.W. Churchman did when he wrote his book, "The Systems Approach". 



