On Sat, 17 Jan 2009 00:14:17 +0000 Naveen Nathan <naveen@calpop.com> wrote:
I came across this article on /.: http://www.networkworld.com/news/2009/011509-bgp.html?page=1
I'm not too familiar with security of routing protocols, but it became immediately evident as I read this article that much of the work has been accomplished with soBGP. I'm wondering why there is a new initiative for another technology to secure BGP.
There are two parts to the answer. First, neither SoBGP nor SBGP, the two primary secured BGP proposals, have a consensus behind them. Whether or not either or both do the job in some objective sense, large segments of the community do not perceive that they do, and it's not for lack of trying by the proponents of either. Second, and more serious, both proposals do have major technical issues. SoBGP is very good at protecting origin announcements (and hence at preventing mistakes), but it doesn't work nearly as well against deliberate hijacking. SBGP protects entire path announcements, but is very heavy-weight and requires many signature verifications, probably too many. We need a protocol that solves both of these issues. -- --Steve Bellovin, http://www.cs.columbia.edu/~smb