North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: BGP Security and PKI Hierarchies (was: Re: Wifi Security)
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Steven M. Bellovin > Sent: Tuesday, November 22, 2005 12:54 PM > To: Randy Bush > Cc: [email protected] > Subject: Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security) > <..> > Furthermore, given that a trust algebra may yield a trust > value, rather than a simple 0/1, is it reasonable to use that > assessment as a BGP preference selector? That would tie the > security very deeply -- too deeply? -- into BGP's guts. If you take the web of trust model, I think a security value can be assigned to announced information based on a couple variables: 1) Distance from an absolute trusted authority. 2) The feedback rating of the announcer (like Ebay ;-) 3) A statically configured metric based on a field match with a set of extracted fields from the ID presented by the announcer. Or a combination of both. I think this was discussed in detail in the pre-formation stages of the BGP Sec. Req. document. I also remember reading about a paper on a PGP like trust mesh with variable trust values assigned based on distance etc, but I can't recall the authors. All in all, this is not totally different from Viterbi decoding of digital signals in the presence of noise in the way the trust values would be constructed.