potential new IETF WG on anonymous IPSec

Joe Touch touch at ISI.EDU
Thu Sep 16 14:17:09 PDT 2004 

Ian Grigg wrote:

> Bill Stewart wrote:
> 
>> Also, the author's document discusses protecting BGP to prevent
>> some of the recent denial-of-service attacks,
>> and asks for confirmation about the assertion in a message
>> on the IPSEC mailing list suggesting
>>    "E.g., it is not feasible for BGP routers to be configured with the
>>    appropriate certificate authorities of hundreds of thousands of 
>> peers".
>> Routers typically use BGP to peer with a small number of partners,
>> though some big ISP gateway routers might peer with a few hundred.
>> (A typical enterprise router would have 2-3 peers if it does BGP.)
>> If a router wants to learn full internet routes from its peers,
>> it might learn 1-200,000, but that's not the number of direct connections
>> that it has - it's information it learns using those connections.
>> And the peers don't have to be configured "rapidly without external 
>> assistance" -
>> you typically set up the peering link when you're setting up the
>> connection between an ISP and a customer or a pair of ISPs,
>> and if you want to use a CA mechanism to certify X.509 certs,
>> you can set up that information at the same time.
> 
> On the backbone, between BGP peers, one would have thought
> that there are relatively few attackers, as the staff are
> highly trusted and the wires are hard to access - hence no
> active attacks going on and only some passive eavesdropping
> attacks.  Also, anyone setting up BGP routing knows the other
> party, so there is a prior relationship.

My understanding of the attacks this past spring is that:
	a) they were indeed on the backbone BGP peers
	b) that those peers had avoided setting up
	   preshared keys or getting mutually-authenticatable
	   certificates because of the configuration overhead
	   (small on a per-pair basis, but may be large
	   in aggregate)

While inspired by this issue, there may be other solutions (e.g., IMO 
IPsec) which are more appropriate for BGP peers.

> The whole point of the CA model is that there is no prior
> relationship and that the network is a wild wild west sort
> of place

Except that certs need to be signed by authorities that are trusted.

> - both of these assumptions seem to be reversed
> in the backbone world, no?  So one would think that using
> opportunistic cryptography would be ideal for the BGP world?
> 
> iang

I wouldn't think that the encryption need be opportunistic; in the BGP 
backbone world, as you noted, peers are known a-priori, and should have 
certs that could be signed by well-known, trusted CAs.

Joe

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list