On Tue, Mar 05, 2002 at 02:35:50PM -0500, Howard C. Berkowitz wrote:
> In general, I agree with this. What most troubles me is any implicit
> assumption that policy repository content must be distributed by the
> "routing protocol," for want of a better term.
What's necessarily wrong with this?
A couple obvious "attacks":
1. Not propagating a "certificate" if the certificate is a separate
packet element from the route(s) that it covers. This is a form of
DoS.
2. Propagating stale certificates.
Many of the same issues with root certificates (à la SSL) apply.
> Especially when considering initial validation of routes, there may
> be a requirement to consult a registry in non-real time to apply
> heuristics.
It may be necessary to use routes in an untrusted fashion until
you can finish the validation process. This might involve something
along the lines of:
0. Initiate peering session - get initial dump of routes and certificates.
1. Take routes, validate them against the in-stream certificates,
your copy of the root certificate and use them in a semi-trusted
fashion.
2. Validate your copy of the root certificate(s).
I think that completes most of the handshake that you would need.
I'm aware that I've probably missed some steps - I'm not a cryptographer.
> Also, if anything is digitally signed, where does the certificate
> authority get involved?
The problem set, I would expect, would be much the same as SSL. Thus,
a boot-strapping process of getting some root certificates distributed
is needed.
--
Jeff Haas
NextHop Technologies
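The handshake sketched above (steps 0-2) and the two "attacks" listed earlier, as an added illustration that is not part of the thread and not code from NextHop or any routing implementation. It models a route dump whose certificates may be missing, stale, or bound to a different origin, classifies each route as untrusted, rejected, semi-trusted or trusted, and only promotes semi-trusted routes once the local root copy has been checked against an out-of-band fingerprint. An HMAC keyed with the root key stands in for a real public-key signature, and all prefixes, AS numbers, keys and timestamps are constructed for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from enum import Enum


class Trust(Enum):
    UNTRUSTED = "untrusted"        # route arrived with no covering certificate (attack 1 in the thread)
    REJECTED = "rejected"          # certificate present but forged, stale, or bound to another origin
    SEMI_TRUSTED = "semi-trusted"  # certificate checks out, but our root copy is not yet validated
    TRUSTED = "trusted"            # certificate checks out and the root copy has been validated


@dataclass(frozen=True)
class Certificate:
    prefix: str
    origin_as: int
    not_after: int   # expiry as a Unix timestamp; anything past this is a stale certificate
    signature: str   # hex digest over (prefix, origin_as, not_after)


@dataclass(frozen=True)
class Route:
    prefix: str
    origin_as: int


def _signed_fields(prefix: str, origin_as: int, not_after: int) -> bytes:
    # Canonical encoding so signer and verifier hash exactly the same bytes.
    return json.dumps([prefix, origin_as, not_after], separators=(",", ":")).encode()


def issue_certificate(root_key: bytes, prefix: str, origin_as: int, not_after: int) -> Certificate:
    # HMAC stands in for the root's public-key signature (a simplification for this example).
    sig = hmac.new(root_key, _signed_fields(prefix, origin_as, not_after), hashlib.sha256).hexdigest()
    return Certificate(prefix, origin_as, not_after, sig)


def certificate_is_valid(cert: Certificate, root_key: bytes, now: int) -> bool:
    expected = hmac.new(root_key, _signed_fields(cert.prefix, cert.origin_as, cert.not_after),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert.signature):
        return False              # forged or tampered certificate
    return now < cert.not_after   # stale certificates are not accepted (attack 2 in the thread)


def classify_routes(routes, certs, root_key, now, root_validated=False):
    """Step 1: check the in-stream certificates against the local root copy and give
    each route a trust level. Until step 2 has validated the root copy itself, the
    best a route can get is SEMI_TRUSTED."""
    by_prefix = {c.prefix: c for c in certs}
    verdicts = {}
    for route in routes:
        cert = by_prefix.get(route.prefix)
        if cert is None:
            verdicts[route.prefix] = Trust.UNTRUSTED
        elif cert.origin_as != route.origin_as or not certificate_is_valid(cert, root_key, now):
            verdicts[route.prefix] = Trust.REJECTED
        else:
            verdicts[route.prefix] = Trust.TRUSTED if root_validated else Trust.SEMI_TRUSTED
    return verdicts


def validate_root_copy(local_root_key: bytes, expected_fingerprint: str) -> bool:
    """Step 2: confirm the locally held root against a fingerprint obtained out of band
    (the boot-strapping problem the reply compares to SSL root certificates)."""
    actual = hashlib.sha256(local_root_key).hexdigest()
    return hmac.compare_digest(actual, expected_fingerprint)


def run_handshake(routes, certs, local_root_key, root_fingerprint, now):
    """Steps 0-2 in order: take the initial dump, classify it against the not-yet-validated
    root, then re-classify once the root copy has been validated. Returns both passes."""
    provisional = classify_routes(routes, certs, local_root_key, now, root_validated=False)
    root_ok = validate_root_copy(local_root_key, root_fingerprint)
    final = classify_routes(routes, certs, local_root_key, now, root_validated=root_ok)
    return provisional, final


# --- Constructed sample data (not from the thread) ---
ROOT_KEY = b"constructed-root-key-for-demo"
ROOT_FINGERPRINT = hashlib.sha256(ROOT_KEY).hexdigest()   # imagine this arrived out of band
NOW = 1_000_000

CERTS = [
    issue_certificate(ROOT_KEY, "10.0.0.0/8", 64500, not_after=2_000_000),      # valid
    issue_certificate(ROOT_KEY, "192.0.2.0/24", 64501, not_after=500_000),      # stale
    issue_certificate(ROOT_KEY, "203.0.113.0/24", 64504, not_after=2_000_000),  # wrong origin for the route below
]
ROUTES = [
    Route("10.0.0.0/8", 64500),
    Route("192.0.2.0/24", 64501),
    Route("198.51.100.0/24", 64502),   # no certificate was propagated for this one
    Route("203.0.113.0/24", 64503),
]

if __name__ == "__main__":
    before, after = run_handshake(ROUTES, CERTS, ROOT_KEY, ROOT_FINGERPRINT, NOW)
    for prefix in before:
        print(f"{prefix:18} {before[prefix].value:13} -> {after[prefix].value}")
```

Running the block prints the provisional and final verdicts side by side: the valid route moves from semi-trusted to trusted once the root copy is confirmed, while the route whose certificate was withheld stays untrusted and the stale and mis-bound certificates are rejected on both passes. Replacing the HMAC with signature verification against the root's public key is the only change needed to make the trust logic match a real deployment.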
This archive was generated by hypermail 2b29 : Mon Aug 04 2003 - 04:10:04 EDT