[180869] in North American Network Operators' Group
RE: Routing Insecurity (Re: BGP in the Washington Post)
daemon@ATHENA.MIT.EDU (Russ White)
Thu Jun 11 07:30:10 2015
X-Original-To: nanog@nanog.org
From: "Russ White" <russw@riw.us>
To: "'Sandra Murphy'" <sandy@tislabs.com>
In-Reply-To: <63A98784-80C5-4A76-976E-47E480294C03@tislabs.com>
Date: Thu, 11 Jun 2015 07:30:01 -0400
Cc: 'North American Network Operators' Group' <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> There have been suggestions that a key-per-AS is easier to manage than a
> key-per-router, like in provisioning.
Two points --
First, if a single person with console access leaves the company, I must
roll the key for all my BGP routes, with the attendant churn, etc. I can't
imagine anyone deploying such a thing.
Second, a secret only remains secret if two people know it, and one of them
is dead -- a basic rule of security is prevent the spread of knowledge. If
every person in the organization with console access knows the private key
for every router in the network, it's no longer secret.
So you can have one key pair per AS, and risk your security. Or you can add
more key pairs, either per router, per POP, per region, or at some other
level of granularity, and advertise more information about your network as
well as make the key pair database larger. Either you weaken your security
in one way, or you weaken your security in another. Doesn't sound like much
of a "tradeoff" to me.
What astounds me is the quietness on this list about this stuff...
:-)
Russ
