potential new IETF WG on anonymous IPSec

[Ian Grigg]

Bill Stewart wrote:
> Also, the author's document discusses protecting BGP to prevent
> some of the recent denial-of-service attacks,
> and asks for confirmation about the assertion in a message
> on the IPSEC mailing list suggesting
>    "E.g., it is not feasible for BGP routers to be configured with the
>    appropriate certificate authorities of hundreds of thousands of peers".
> Routers typically use BGP to peer with a small number of partners,
> though some big ISP gateway routers might peer with a few hundred.
> (A typical enterprise router would have 2-3 peers if it does BGP.)
> If a router wants to learn full internet routes from its peers,
> it might learn 1-200,000, but that's not the number of direct connections
> that it has - it's information it learns using those connections.
> And the peers don't have to be configured "rapidly without external 
> assistance" -
> you typically set up the peering link when you're setting up the
> connection between an ISP and a customer or a pair of ISPs,
> and if you want to use a CA mechanism to certify X.509 certs,
> you can set up that information at the same time.

On the backbone, between BGP peers, one would have thought
that there are relatively few attackers, as the staff are
highly trusted and the wires are hard to access - hence no
active attacks going on and only some passive eavesdropping
attacks.  Also, anyone setting up BGP routing knows the other
party, so there is a prior relationship.

The whole point of the CA model is that there is no prior
relationship and that the network is a wild wild west sort
of place - both of these assumptions seem to be reversed
in the backbone world, no?  So one would think that using
opportunistic cryptography would be ideal for the BGP world?

iang