Difference between revisions of "P2pbgpsec"
Line 85: | Line 85: | ||
* Becha's article with many links: | * Becha's article with many links: | ||
http://becha.home.xs4all.nl/hackers-philosophers-utopian-network-dec-2012-becha.pdf | http://becha.home.xs4all.nl/hackers-philosophers-utopian-network-dec-2012-becha.pdf | ||
+ | |||
+ | =After PRISM= | ||
+ | |||
+ | * http://blog.cryptographyengineering.com/2013/09/on-nsa.html | ||
+ | |||
+ | "there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge. This only requires a small number of people with physical or electronic access to servers, so it's quite feasible.*** The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users' data via programs such as PRISM." |
Revision as of 16:55, 18 September 2013
Projects | |
---|---|
Participants | |
Skills | |
Status | Dormant |
Niche | Software |
Purpose | Infrastructure |
Peer 2 Peer BGP Security
wiki page for participants of p2p-sec mailing list: https://lists.puscii.nl/wws/arc/p2p-sec
Objectives
- to contribute to creation and implementation of the distributed/decentralized (web-of-trust) BGP security.
- to create connections between people who share simmilar concerns about the upcoming introduction of hierarchical BGP-security structures, based on PKI/X.509 technology
- to provide space for disscussion & exchange of opinions, news, materials
- to co-ordinate the efforts among various groups that work on the above topics
Problem statements
- Internet Governance view:
- excellent summary by Milton Mueller, Brenden Kuerbis. (2010,09).
"Building a new governance hierarchy: RPKI and the future of Internet routing
- excellent summary by Milton Mueller, Brenden Kuerbis. (2010,09).
and addressing. Retrieved from Internet Governance Project: http://internetgovernance.org/pdf/RPKI-VilniusIGPfinal.pdf
- "Negotiating a New Governance Hierarchy: An Analysis of the
Conflicting Incentives to Secure Internet Routing"
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2021835
- Techical view:
- How broken is SSL: a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
- Basic threat scenario: Man in the Middle attack / prefix hijacking,
presented at Defcon, 2008, by Pilosov/Kapela: http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
- Enisa report on the routing security: :
- Jeroen Massar's presentaton on Routing Security
Possble alternative technical approaches
- "trust agility", a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
- http://convergence.io/
- Soveregn Keys, Peter Eckersley from EFF mp4 HQmp4 LQ
https://www.eff.org/deeplinks/2011/11/sovereign-keys-proposal-make-https-and-email-more-secure
Current solution: RPKI & sBGP
- Software: http://www.rpki.net/
- IETF wg: SIDR (secure InterDomain Routing)
Public discussion in European region: (articles, mailing lists, links)
http://www.ripe.net/lir-services/resource-management/certification/community-development
In the news:
- Malcolm Hutty, from London Internet Exchange:
https://publicaffairs.linx.net/news/?p=6118
- RIPE Members Vote To Continue RPKI Work, Nov 03, 2011 11:44 AM PDT
By Michele Neylon http://www.circleid.com/post/20111103_ripe_members_vote_to_continue_rpki_wo rk/
Meshnets media
- http://motherboard.vice.com/blog/hacktivists-want-to-free-the-net-by-building-a-new-one-from-scratch
- Guify
- Hyperborea...
- FNF
- Becha's article with many links:
http://becha.home.xs4all.nl/hackers-philosophers-utopian-network-dec-2012-becha.pdf
After PRISM
"there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge. This only requires a small number of people with physical or electronic access to servers, so it's quite feasible.*** The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users' data via programs such as PRISM."