BGPSEC router key rollover as an alternative to beaconing Roque Gagliano Keyur Patel Brian Weis draft-ietf-sidr-bgpsec-rollover-01.

Presentation transcript:

BGPSEC router key rollover as an alternative to beaconing Roque Gagliano Keyur Patel Brian Weis draft-ietf-sidr-bgpsec-rollover-01

Summary of draft
Describes a method for rolling over BGPSEC router keypairs/certificates
  – Since the replacement of a router keypair has the effect of invalidating BGP UPDATE messages signed with the old key, an orderly rollover is required
We note that a BGPSEC key rollover can be used as a measure against replay attacks in BGPSEC
11/9I/12 IETF SIDR WG 2
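The two points on this slide, modelled as an added example that is not part of the presentation or the draft. It assumes a simplified step order (publish new certificate, re-sign, revoke old certificate), uses HMAC-SHA256 as a stand-in for the router's public-key signature, and all names, keys and route values are constructed.

```python
import hashlib
import hmac

def sign(key: bytes, update: bytes) -> bytes:
    # Stand-in signature (assumption): real BGPSEC uses public-key signatures.
    return hmac.new(key, update, hashlib.sha256).digest()

def announce(key_id: str, key: bytes, update: bytes):
    return (key_id, update, sign(key, update))

class Validator:
    """Relying party: accepts an UPDATE only if signed by a currently valid router key."""
    def __init__(self):
        self.valid_keys = {}  # key id -> key material; models valid router certificates

    def publish(self, key_id, key):
        self.valid_keys[key_id] = key

    def revoke(self, key_id):
        self.valid_keys.pop(key_id, None)

    def verify(self, signed_update) -> bool:
        key_id, update, sig = signed_update
        key = self.valid_keys.get(key_id)
        return key is not None and hmac.compare_digest(sig, sign(key, update))

OLD, NEW = b"old-router-key", b"new-router-key"  # constructed keys
UPDATE = b"192.0.2.0/24 via AS64500"             # constructed UPDATE content

def orderly_rollover() -> dict:
    v = Validator()
    v.publish("K1", OLD)
    captured = announce("K1", OLD, UPDATE)       # copy an observer could store and replay
    result = {"before": v.verify(captured)}
    v.publish("K2", NEW)                         # 1. new certificate published
    current = announce("K2", NEW, UPDATE)        # 2. route re-signed with the new key
    result["overlap_old"] = v.verify(captured)   # old signature still valid in the overlap
    v.revoke("K1")                               # 3. old certificate revoked
    result["replay_after"] = v.verify(captured)  # replayed copy is now rejected
    result["current_after"] = v.verify(current)  # re-signed route stays valid
    return result

def abrupt_rollover() -> bool:
    # Old key removed before the route is re-signed: the route in use turns invalid.
    v = Validator()
    v.publish("K1", OLD)
    in_use = announce("K1", OLD, UPDATE)
    v.revoke("K1")
    v.publish("K2", NEW)
    return v.verify(in_use)
```
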

Changes in -01
Addressed comments received from Steve Kent and Kotikalapudi Sriram
  – Thanks much!
We believe a new revision of the draft will be required once the WG advances on key provisioning and the RTR protocol.

Questions for the WG
1. Change of I-D name: The individual I-D name was a provocation to start debate on alternatives to beaconing.
2. Standards-Track or BCP?
  – Currently targeting Standards-Track.
  – However, the RPKI rollover document is BCP and contains no normative text in the document, even if replay attack protection is a BGPSEC requirement.
  – Our preference is for BCP.