DNSSEC protected routing announcements for BGP
draft-donnerhacke-sidr-bgp-verification-dnssec-04

Document Type Expired Internet-Draft (individual)
Authors Lutz Donnerhacke  , Wouter Wijngaards 
Last updated 2008-05-05
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-donnerhacke-sidr-bgp-verification-dnssec-04.txt

Abstract

This document describes an infrastructure for real time verification of routes reveived via BGP4. Some DNS query types are introduced to check the origin of a prefix and validity of the AS path. The crypto part can be offloaded from the routing engine by sending a DNS query and checking the AD bit in the DNS response. The proposal depends on the DNS scalability and caching mechanisms as well as PKI introduced by DNSSEC.

Authors

Lutz Donnerhacke (lutz@iks-jena.de)
Wouter Wijngaards (wouter@nlnetlabs.nl)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)