RPKI for dummies

Robert Raszuk robert at raszuk.net
Mon Aug 24 13:01:15 UTC 2020


John,

> Two precursors to the system we have today.

I would not say that either S-BGP nor so-BGP were precursors to BGP origin
validation ( I am assuming this is what you are referring to as "system we
have today").

If I recall, securing BGP and validating src ASN were independent projects
both aiming at completely different goals. Former was to assure no one
could hijack your prefixes along the path and latter to detect someone fat
fingering your prefix or ASN.

Thx,
R.



On Mon, Aug 24, 2020 at 2:43 PM John Kristoff <jtk at depaul.edu> wrote:

> On Sun, 23 Aug 2020 12:40:19 +0000
> Dovid Bender <dovid at telecurve.com> wrote:
>
> > Ok. So here is another n00b question. Why don't we have something
> > where when we advertise IP space we also pass along a cert [...]
>
> Take a look at:
>
>   Stephen Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway
>   protocol (S-BGP). IEEE Journal on Selected areas in Communications 18, 4
> (2000),
>   582–592.
>
> and
>
>   Russ White. 2003. Securing BGP: soBGP. Internet Protocol Journal 6, 3
>   (Sept. 2003), 15–22.
>
> Two precursors to the system we have today.  Both proposed some form of
> including PKI-related matter in BGP messages.  Neither system gained
> much actual traction outside of the design phase as far as I know.
> Some might suggest that a lot of time was spent debating how to do it
> with little actual progress or experimentation done.  The current
> approach has echoes of those ideas with the obvious difference as you
> imply, it is independent from BGP.  This poses some challenges to
> providing a complete solution, but was probably necessary for deployment
> and might prove useful if something other than wants to BGP uses it.
>
> John
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200824/90585421/attachment.html>


More information about the NANOG mailing list