Presentation is loading. Please wait.

Presentation is loading. Please wait.

BGPSEC router key rollover as an alternative to beaconing Roque Gagliano Keyur Patel Brian Weis draft-ietf-sidr-bgpsec-rollover-01.

Published byLeon Fisher Modified over 9 years ago

Similar presentations

Presentation on theme: "BGPSEC router key rollover as an alternative to beaconing Roque Gagliano Keyur Patel Brian Weis draft-ietf-sidr-bgpsec-rollover-01."— Presentation transcript:

1 BGPSEC router key rollover as an alternative to beaconing Roque Gagliano Keyur Patel Brian Weis draft-ietf-sidr-bgpsec-rollover-01

2 Summary of draft Describes a method for rolling over BGPSEC router keypairs/certificates – Since the replacement of a router keypair has the effect of invalidating BGP UPDATE messages signed with the old key, an orderly rollover is required We note that a BGPSEC key rollover can be used as a measure against replays attacks in BGPSEC 11/9I/12IETF SIDR WG2

3 Changes in -01 Addressed comments received from Steve Kent and Kotikalapudi Sriram – Thanks much! We believe a new revision of the draft will be required once the WG advances on key provisioning and the RTR protocol. 11/9I/12IETF SIDR WG3

4 Questions for the WG 1.Change of I-D name: The individual I-D name was a provocation to start debate on alternatives to beaconing. 2.Standards-Track or BCP? – Currently targeting Standards-Track. – However, the RPKI rollover document is BCP and contains no normative text in the document, even if replay attack protection is a BGPSEC requirement. – Our preference is for BCP. 11/9I/12IETF SIDR WG4

Download ppt "BGPSEC router key rollover as an alternative to beaconing Roque Gagliano Keyur Patel Brian Weis draft-ietf-sidr-bgpsec-rollover-01."

Similar presentations

A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
Doc.: IEEE 802.11-01/147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503) 712-1849.

Doc.: IEEE /147March 2000 TGe SecuritySlide 1 The Status of TGe S Draft Text Jesse Walker Intel Corporation (503)
BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.

BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.
Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Dynamic Symmetric Key Provisioning Protocol (DSKPP)
1 IETF 74, 30 Jul 2009draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt Applicability of Keying Methods for RSVP security draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt.

1 IETF 74, 30 Jul 2009draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt Applicability of Keying Methods for RSVP security draft-ietf-tsvwg-rsvp-security-groupkeying-05.txt.
Route Leaks Sandra Murphy. Is This a Route Leak? To be able to detect a route leak: Given Update with AS_PATH AS1…ASn Is this a route leak?

Route Leaks Sandra Murphy. Is This a Route Leak? To be able to detect a route leak: Given Update with AS_PATH AS1…ASn Is this a route leak?
NORM PI Update draft-ietf-rmt-pi-norm-revised-04 68th IETF - Prague Brian Adamson NRL.

NORM PI Update draft-ietf-rmt-pi-norm-revised-04 68th IETF - Prague Brian Adamson NRL.
Information Sciences Institute Recommendations for Transport Port Uses draft-ietf-tsvwg-port-use-05 IETF 91 - Honolulu Joe Touch, USC/ISI As presented.

Information Sciences Institute Recommendations for Transport Port Uses draft-ietf-tsvwg-port-use-05 IETF 91 - Honolulu Joe Touch, USC/ISI As presented.
SIDR WORKING GROUP IETF 80 PRAGUE draft-manderson-sidr-geo-00.

SIDR WORKING GROUP IETF 80 PRAGUE draft-manderson-sidr-geo-00.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Wed 28 Jul 2010SIDR IETF 78 Maastricht, NL1 SIDR Working Group IETF 78 Maastricht, NL Wednesday, 28 Jul 2010.

Wed 28 Jul 2010SIDR IETF 78 Maastricht, NL1 SIDR Working Group IETF 78 Maastricht, NL Wednesday, 28 Jul 2010.
MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.

MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 i2rs Usecases for BGP draft-keyupate-i2rs-bgp-usecases-01.txt Keyur Patel,

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 i2rs Usecases for BGP draft-keyupate-i2rs-bgp-usecases-01.txt Keyur Patel,
Status Update for Algorithm Transition for the RPKI (draft-ietf-sidr-algorithm-agility) Steve Kent Roque Gagliano Sean Turner.

Status Update for Algorithm Transition for the RPKI (draft-ietf-sidr-algorithm-agility) Steve Kent Roque Gagliano Sean Turner.
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Slide title In CAPITALS 50 pt Slide subtitle 32 pt SEND Certificate Profile draft-krishnan-cgaext-send-cert-eku-02 Suresh Krishnan Ana Kukec Khaja Ahmed.

Slide title In CAPITALS 50 pt Slide subtitle 32 pt SEND Certificate Profile draft-krishnan-cgaext-send-cert-eku-02 Suresh Krishnan Ana Kukec Khaja Ahmed.
Draft-chown-v6ops-renumber-thinkabout-05 Things to think about when Renumbering an IPv6 network Tim Chown IETF 67, November 6th, 2006.

Draft-chown-v6ops-renumber-thinkabout-05 Things to think about when Renumbering an IPv6 network Tim Chown IETF 67, November 6th, 2006.
Wed 31 Jul & Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 SIDR Working Group IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013.

Wed 31 Jul & Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 SIDR Working Group IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013.

Similar presentations

Ads by Google