1 / 4

BGPSEC router key rollover as an alternative to beaconing

BGPSEC router key rollover as an alternative to beaconing. draft-ietf-sidr-bgpsec-rollover-01. Roque Gagliano Keyur Patel Brian Weis. Summary of draft. Describes a method for rolling over BGPSEC router keypairs /certificates

starbuck
Download Presentation

BGPSEC router key rollover as an alternative to beaconing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BGPSEC router key rollover as an alternative to beaconing draft-ietf-sidr-bgpsec-rollover-01 RoqueGagliano Keyur Patel Brian Weis

  2. Summary of draft • Describes a method for rolling over BGPSEC router keypairs/certificates • Since the replacement of a router keypair has the effect of invalidating BGP UPDATE messages signed with the old key, an orderly rollover is required • We note that a BGPSEC key rollover can be used as a measure against replays attacks in BGPSEC IETF SIDR WG

  3. Changes in -01 • Addressed comments received from Steve Kent and KotikalapudiSriram • Thanks much! • We believe a new revision of the draft will be required once the WG advances on key provisioning and the RTR protocol. IETF SIDR WG

  4. Questions for the WG • Change of I-D name: The individual I-D name was a provocation to start debate on alternatives to beaconing.  • Standards-Track or BCP? • Currently targeting Standards-Track. • However, the RPKI rollover document is BCP and contains no normative text in the document, even if replay attack protection is a BGPSEC requirement. • Our preference is for BCP. IETF SIDR WG

More Related