P2pbgpsec
Peer 2 Peer BGP Security
wiki page for participants of p2p-sec mailing list: https://lists.puscii.nl/wws/arc/p2p-sec
Objective
- to contribute to creation and implementation of the distributed/decentralized (web-of-trust) BGP security.
- to create connections between people who share simmilar concerns about the upcoming introduction of hierarchical BGP-security structures, based on PKI/X.509 technology
- to provide space for disscussion & exchange of opinions, news, materials
- to co-ordinate the efforts among various groups that work on the above topics
Problem statements
- Internet Governance view: excellent summary by Milton Mueller:
"Building a new governance hierarchy" http://internetgovernance.org/pdf/RPKI-VilniusIGPfinal.pdf
- Techical view: How broken is SSL:
- a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
- Basic threat scenario: Man in the Middle attack / prefix hijacking,
presented at Defcon, 2008, by Pilosov/Kapela: http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
- Enisa report on the routing security: :
- Jeroen Massar's presentaton on Routing Security
Possble alternative technical approaches
- "trust agility", a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
- http://convergence.io/
- Soveregn Keys, Peter Eckersley from EFF mp4 HQmp4 LQ
- "Trusted BGP Observers, an extension to RPKI"
Current solution: RPKI & sBGP
- Software: http://www.rpki.net/
- IETF wg: SIDR (secure InterDomain Routing)
Public discussion in European region: (articles, mailing lists, links)
http://www.ripe.net/lir-services/resource-management/certification/community-development