On 18.1.2008, at 5.32, Sandy Murphy wrote:
Considering the BGP+TCP-MD5 is considered 'secure enough' by the people around these days, while it is in truth about as secure as sending data in envelopes made of clear plastic, I don't think this system needs to be more ambitious if it means orders of magnitude worse performance.I lurk here occasionally, but I had to chime in on this one. TCP MD5 protects the links between routers. It does nothing at all, de nada, zero, zip, about protecting what the routers say. (What's more, it is cryptographically unsophisticated and outmoded.)
Yes.. This is what I was trying to point out, with a broken example.Anyway, even with the admittedly broken key handling (static manual keying), broken protocol (replay attacks and such), and partially broken digest algorithm, it seems to be still working well enough. I haven't heard about any attacks against the BGP+TCP-MD5 really happening out there in the wild.
I'm not sure if this effort should aim for anything insanely complex and computationally expensive (global CA hierarchy is typically an example of that - there is only one that has been really deployed), as that's unlikely to work out in practise, but the downside of any piggybacking scheme is that _does_ need to be authenticated in some way, as it comes directly from potentially untrustworthy source. Attacks using that mechanism (traffic redirection/DoS/blackholing) seem both more desirable and easier to implement in practise than attacks on BGP (which is unavailable to be attacked for most people, I suppose).
Conclusion? I'd prefer to keep piggybacking out of the picture altogether, if security framework that it requires makes the solution more complex (and CA hierarchy is typically no-no if you want things to happen in real world anyway).
Cheers, -Markus -- to unsubscribe send a message to rrg-request@psg.com with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg