<div dir="ltr">John,<div><br></div><div>> Two precursors to the system we have today. <br></div><div><br></div><div>I would not say that either S-BGP nor so-BGP were precursors to BGP origin validation ( I am assuming this is what you are referring to as "system we have today"). </div><div><br></div><div>If I recall, securing BGP and validating src ASN were independent projects both aiming at completely different goals. Former was to assure no one could hijack your prefixes along the path and latter to detect someone fat fingering your prefix or ASN. </div><div><br></div><div>Thx,<br>R.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 24, 2020 at 2:43 PM John Kristoff <<a href="mailto:jtk@depaul.edu">jtk@depaul.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sun, 23 Aug 2020 12:40:19 +0000<br>
Dovid Bender <<a href="mailto:dovid@telecurve.com" target="_blank">dovid@telecurve.com</a>> wrote:<br>
<br>
> Ok. So here is another n00b question. Why don't we have something<br>
> where when we advertise IP space we also pass along a cert [...]<br>
<br>
Take a look at:<br>
<br>
Stephen Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway<br>
protocol (S-BGP). IEEE Journal on Selected areas in Communications 18, 4 (2000),<br>
582–592.<br>
<br>
and<br>
<br>
Russ White. 2003. Securing BGP: soBGP. Internet Protocol Journal 6, 3<br>
(Sept. 2003), 15–22.<br>
<br>
Two precursors to the system we have today. Both proposed some form of<br>
including PKI-related matter in BGP messages. Neither system gained<br>
much actual traction outside of the design phase as far as I know.<br>
Some might suggest that a lot of time was spent debating how to do it<br>
with little actual progress or experimentation done. The current<br>
approach has echoes of those ideas with the obvious difference as you<br>
imply, it is independent from BGP. This poses some challenges to<br>
providing a complete solution, but was probably necessary for deployment<br>
and might prove useful if something other than wants to BGP uses it.<br>
<br>
John<br>
</blockquote></div>