Middle ground

The two proposals for addressing Border Gateway Protocol’s security shortcomings may have some of their own.

BBN is developing Secure-BGP (S-BGP), which is intended to address a “fundamental problem” with the protocol: the authenticity of routing update information, according to Steve Kent, BBN chief scientist for information security.

S-BGP seeks to establish a public-key infrastructure that uses digital certificates to authenticate two pieces of data: which chunks of address space have been allocated to ISPs; and what autonomous system numbers have been allocated to them, Kent says.

But S-BGP presents an impediment that’s prompting Cisco, Genuity and some other ISPs to write secure origin BGP (soBGP), an alternative to S-BGP. S-BGP inhibits an ISP’s ability to establish policy for its routers, says Cisco Fellow Fred Baker.

“The downstream service provider cannot apply a policy that says, ‘I’m going to accept this prefix from you but not that one,’ ” Baker says. “It fundamentally breaks BGP’s ability to be used in a policy system where you might redivide the information up. S-BGP is the right concept, but it’s put together in a way that an ISP can’t really effectively use.”

SoBGP is an effort to allow ISPs to be able to authenticate route advertisements and implement policy on them. But according to Kent, soBGP provides too many ways to do certain things, which when implemented differently, hampers interoperability.

The IETF is acting as mediator in the S-BGP/soBGP dispute. The routing protocol security working group within the IETF’s Routing area is developing a so-called “threat model” that attempts to document the security requirements for Internet routing systems.

This work may provide the middle ground on which S-BGP and soBGP can come to a resolution, says Alex Zinin, director of the IETF’s Routing and Sub-IP areas.