North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

  • From: Sandy Murphy
  • Date: Tue Nov 22 13:53:55 2005

>Hierarchical relationships breed "reptiles" because of the inherent
>asymmetric business relationship that results.
>Frankly, I am quite impressed with the address registries.

How would you feel about having the registries serve as the root of
a hierarchical certificate system?

>So an institution would have its "certificate" signed
>by its upstream (or one of its upstream) providers.

How is this relationship not a hierarchical, asymmetric business

What happens in this paradigm in de-peering situations?    Are
you are intending to exclude peering relationships from this web
of trust?

>The providers could cross-certificate to build a "root free" (as in
>"default free" zone) mesh (aka "Web of Trust.").

I believe a web of trust can be operationally feasible only if the web
is more like a forest - if there are several well known examples of
"tops" to the web.  Otherwise, you have to be storing a plethora of
different signers' certificates to be able to validate all the
institution's certificates that come in.  After all, there are
thousands of different providers out there.  If every bgp speaker uses
a different certificate in signing updates to provider A than in
signing updates to provider B, then the validation can be quite

Any trust relationship model would have to deal with
(a) Provider independent space
(b) Multi-homed organizations, with and without AS's
(c) Organizations that are mobile - they might change their attachment
    point frequently or abruptly.

Authorities exist for some number resources - e.g., those registries
hand out addresses - should that be validated by the web of trust?
(The authority says the address is allocated to A but I've got an
update showing the address originating from B validated by my best
peer's three best peers' peers)  (Sometimes authorities are needed
- if you were buying a car from Joe Doe, would you prefer a title
signed by the DMV or the testimony of your favorite body shops
that Joe Doe has been their customer for this car for awhile now.)
That authority extends downward through sub-allocations in a tree,
not a mesh.  (But the web of trust might be useful for those current
special cases that don't devolve from the existing registries, aka
legacy space, until that situation can be fixed.)