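%% You should probably cite draft-sriram-replay-protection-design-discussion-13 instead of this revision.
%%
%% Internet-Draft (work in progress), revision -12, on protection against
%% replay attacks and withdrawal suppression (RAWS) in BGPsec.
%%
%% NOTE(review): the export carried empty `year`, `month` and `day` fields
%% (`year = ,`). An empty field value is a BibTeX syntax error, so they are
%% left out here. @techreport expects a `year`; add it (and `month` as an
%% unquoted macro such as `jan`) once the date of revision -12 has been
%% confirmed from the datatracker record at the `url` below.
@techreport{sriram-replay-protection-design-discussion-12,
  author      = {Sriram, Kotikalapudi and Montgomery, Doug},
  title       = {Design Discussion and Comparison of Protection Mechanisms for Replay Attack and Withdrawal Suppression in {BGPsec}},
  type        = {Internet-Draft},
  number      = {draft-sriram-replay-protection-design-discussion-12},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  note        = {Work in Progress},
  pagetotal   = 17,
  url         = {https://datatracker.ietf.org/doc/draft-sriram-replay-protection-design-discussion/12/},
  abstract    = {In the context of BGPsec, a withdrawal suppression occurs when an adversary AS suppresses a prefix withdrawal with the intension of continuing to attract traffic for that prefix based on a previous (signed and valid) BGPsec announcement that was earlier propagated. Subsequently if the adversary AS had a BGPsec session reset with a neighboring BGPsec speaker and when the session is restored, the AS replays said previous BGPsec announcement (even though it was withdrawn), then such a replay action is called a replay attack. The BGPsec protocol should incorporate a method for protection from Replay Attack and Withdrawal Suppression (RAWS), at least to control the window of exposure. This informational document provides design discussion and comparison of multiple alternative RAWS protection mechanisms weighing their pros and cons. This is meant to be a companion document to the standards track draft-ietf-sidrops-bgpsec-rollover that will specify a method to be used with BGPsec for RAWS protection.},
}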