Threat Model for BGP Path Security

The information below is for an old version of the document
Document Type Expired Internet-Draft (sidr WG)
Last updated 2012-08-25 (latest revision 2012-02-22)
Replaces draft-kent-bgpsec-threats
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream WG state In WG Last Call
Other - see Comment Log
Document shepherd None
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes a threat model for BGP path security (BGPSEC). It assumes the context established by the SIDR WG charter, as of April 19, 2011. The charter established two goals for the SIDR work: o Enabling an AS to verify the authorization of an origin AS to originate a specified set of prefixes o Enabling an AS to verify that the AS-PATH represented in a route matches the path travelled by the NLRI for the route The charter further mandates that SIDR build upon the Resource Public Key Infrastructure (RPKI), the first product of the WG. Consistent with the charter, this threat model includes an analysis of the RPKI, and focuses on the ability of an AS to verify the authenticity of the AS path info received in a BGP update. The model assumes that BGP path security is achieved through the application of digital signatures to AS_Path Info. The document characterizes classes of potential adversaries that are considered to be threats, and examines classes of attacks that might be launched against BGPSEC. It concludes with brief discussion of residual vulnerabilities.


Stephen Kent (
Andrew Chi (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)