Operator survey: Incrementally deployable secure Internet routing

Yixin Sun yixins at alumni.princeton.edu
Sun Jan 23 03:22:18 UTC 2022

Hi Scott,

Thank you for your comment! We understand the privacy concern. As for SBAS,
the backbone is operated in a federated manner among PoP operators. In our
current deployment, the PoP operators are located across three continents.
On the other hand, due to the federated structure of the SBAS PoP
operators, a governance structure is needed to coordinate global operation.
We have outlined four potential governance models, i.e., ICANN and Regional
Internet Registries, a multi-stakeholder organization, a federation of
network providers, or a decentralized governance model. The four models are
described in further detail in the survey, and we would love to hear your
opinions about them.


On Fri, Jan 21, 2022 at 8:24 PM scott <surfer at mauigateway.com> wrote:

> On 1/21/2022 12:07 PM, Yixin Sun wrote:
> We appreciate that your time is very precious, but we wanted to ask you
> for your help in answering a brief survey about a new secure routing system
> we have developed in a research collaboration between ETH, Princeton
> University, and University of Virginia. We'd like to thank those of you who
> have already helped us fill out the survey and provided insightful
> feedback. Your input is critical for helping inform our further work on
> this project.
> Here is the link to our survey, which takes about 10 minutes to complete,
> including watching a brief 3-minute introductory video:
> https://docs.google.com/forms/d/e/1FAIpQLSc4VCkqd7i88y0CbJ31B7tVXyxBlhEy_zsYZByx6tsKAE7ROg/viewform?usp=pp_url&entry.549791324=NANOG+mailing+list
> Our architecture, called Secure Backbone AS (SBAS), allows clients to
> benefit from emerging secure routing deployments like SCION by tunneling
> into a secure infrastructure. SBAS provides substantial routing security
> improvements when retrofitted to the current Internet. It also provides
> benefits even to non-participating networks and endpoints when
> communicating with an SBAS-protected entity.
> We currently have a functional prototype of this network using SCIONLab
> (for the secure backbone) and the PEERING testbed (to make outbound BGP
> announcements). Our ultimate aim is to develop and deploy SBAS beyond an
> experimental scope, and the input of network operators that would actually
> have to run these PoPs would greatly benefit this project and help make
> secure routing a reality.
> This all looks like a network made for surveilling the planet's citizens
> more easily.  Even in the FAQs!
> ----------------------------------------------------------------
> "Do you use countries as ISDs? Doesn't that create opportunities for
> government intervention and censorship?
> We're currently looking into the best way to partition the Internet into
> ISDs, so using countries as ISDs is only one possible option. Countries
> have the advantage of providing a uniform legal environment, allowing
> misbehavior in an ISD to be handled according to the legal framework of
> that ISD."
> ----------------------------------------------------------------
> I guess each country's government will define 'misbehavior' and will have
> a more easy way to find the misbehaving entity?  Will each ISD (ISD =
> Isolation Domain) have it's own DNS?  What will you do about space?  The
> moon?  (That one's coming sooner that folks might expect:
> https://www.nokia.com/networks/insights/network-on-the-moon)  Just say no
> to internet partitioning.
> scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220122/3b33fc80/attachment.html>

More information about the NANOG mailing list