Threat Model for BGP Path Security
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org>, sidr mailing list <email@example.com>, sidr chair <firstname.lastname@example.org> Subject: Document Action: 'Threat Model for BGP Path Security' to Informational RFC (draft-ietf-sidr-bgpsec-threats-09.txt) The IESG has approved the following document: - 'Threat Model for BGP Path Security' (draft-ietf-sidr-bgpsec-threats-09.txt) as Informational RFC This document is the product of the Secure Inter-Domain Routing Working Group. The IESG contact persons are Stewart Bryant and Adrian Farrel. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-threats/
Technical Summary SIDR was re-chartered to develop solutions for a specific BGP security problem, i.e., how to enable an AS to verify that the AS_Path represented in BGP route is the same as the path through which the NLRI travelled. This document examines threats and attacks on BGP relative to this goal. It begins with a brief characterization of threats (motivated, capable adversaries) and then describes classes of attacks. The attack characterization focuses on elements of the routing system, including the RPKI and likely approaches to path security. (The current SIDR charter calls for building upon the RPKI, hence its inclusion in this document.) The document ends with a brief discussion of residual vulnerabilities, e.g. routing security concerns that are outside the scope of SIDR’s charter. Working Group Summary SIDR was initially chartered to develop standards to enable network operators to verify route origin assertions propagated via BGP. It published a set of RFCs (6480-93) that addressed this initial problem statement. Initial versions of the threat document and the requirements document were published at about the same time (June 2011). A threat document is nominally a precursor for a requirements document, but there was an informal understanding of the threats to be addressed, which permitted parallel development of these documents, by different sets of authors. Document Quality The document is clearly written and well organized. Personnel Alexey Melnikov is the Document Shepherd. Stewart Bryant is the Responsible Area Director. RFC Editor Note Please Delete: "8. Acknowledgements TBD "