Thursday, December 9, 2010

RPKI fix for BGP Coming

I am glad there has been a bit of follow-up to the incident that I discussed a while ago in "China stole my packets"; you can read more about it in this article. Basically, the big problem with BGP is that it's based on trust, and one person can potentially poison the routing tables of all the high-level routers. If this occurs, it's hard to revoke the table update and correct any issues quickly.

A potential solution, the Resource Public Key Infrastructure standard, is currently under review at the IETF.
"The intent of the overall work, which involves the RPKI as the underlying security platform and secure BGP as a way of introducing signed credentials into the routing system, is to make lies in the routing system automatically detectable and, therefore, automatically removable," Geoff Huston, chief scientist at the Asia Pacific Network Information Centre (APNIC) says. "It will eliminate a large class of problems…Such a system would directly address the [China Telecom] incident."
This will apparently go a long way to solving some of the issues but not all of them. There is more info on the specifics of RPKI in the original article. But the sooner we fix the BGP issues the sooner we'll have a more secure internet.
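
How signed origin credentials make a false announcement detectable, shown as an added example that is not part of the original post or the cited article: a minimal route origin validation check in the style of RFC 6811. The ROA table, prefixes (documentation ranges) and AS numbers are constructed, and the cryptographic verification of the ROAs themselves is assumed to have already been done.

```python
import ipaddress

# Constructed ROA table: (authorized prefix, max prefix length, origin AS).
# Prefixes are documentation ranges and the ASNs are documentation ASNs.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA only applies if it covers the announced prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Valid: authorized origin AND not more specific than the ROA allows.
        if origin_as == roa_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no match: the announcement contradicts signed data.
    return "invalid" if covered else "not-found"

def filter_updates(updates, roas=ROAS):
    """Drop announcements that are provably wrong; keep valid and unknown ones."""
    kept, dropped = [], []
    for prefix, origin_as in updates:
        state = validate_origin(prefix, origin_as, roas)
        (dropped if state == "invalid" else kept).append((prefix, origin_as, state))
    return kept, dropped

# Constructed announcements, as a router might receive them from a peer.
UPDATES = [
    ("192.0.2.0/24", 64500),      # legitimate origin
    ("192.0.2.0/24", 64511),      # same prefix claimed by another AS
    ("192.0.2.128/25", 64500),    # more specific than the ROA permits
    ("203.0.113.128/25", 64501),  # more specific, but within max length
    ("198.51.100.0/24", 64505),   # no ROA covers this prefix
]

if __name__ == "__main__":
    kept, dropped = filter_updates(UPDATES)
    for entry in kept:
        print("accept", entry)
    for entry in dropped:
        print("reject", entry)
```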
