Secure BGP (S-BGP)

Document Type Expired Internet-Draft (individual)
Last updated 2003-07-02
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems (ASes), is a critical component of the Internet's routing infrastructure. It is highly vulnerable to a variety of malicious attacks both in theory and in practice, due to the lack of a scalable means of verifying the authenticity and legitimacy of BGP control traffic. This document is a protocol specification for Secure BGP (S-BGP), an extension to BGP-4. S-BGP adheres to the principle of least privilege and uses countermeasures that create an authentication and authorization system that addresses most of the security problems associated with BGP. To facilitate adoption and deployment, S-BGP is designed to minimize the overhead (processing, bandwidth, storage) added by its countermeasures and to be interoperable with the current BGP so as to be incrementally deployable.


Charles Lynn (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)