Technical Summary
SIDR was re-chartered to develop solutions for a specific BGP
security problem, i.e., how to enable an AS to verify that the
AS_Path represented in a BGP route is the same as the path
through which the NLRI travelled. This document examines
threats and attacks on BGP relative to this goal. It begins
with a brief characterization of threats (motivated, capable
adversaries) and then describes classes of attacks. The attack
characterization focuses on elements of the routing system,
including the RPKI and likely approaches to path security.
(The current SIDR charter calls for building upon the RPKI,
hence its inclusion in this document.) The document ends
with a brief discussion of residual vulnerabilities, e.g., routing
security concerns that are outside the scope of SIDR’s charter.
Working Group Summary
SIDR was initially chartered to develop standards to enable
network operators to verify route origin assertions propagated
via BGP. It published a set of RFCs (6480-93) that addressed
this initial problem statement. Initial versions of the threat
document and the requirements document were published
at about the same time (June 2011). A threat document is
nominally a precursor for a requirements document, but
there was an informal understanding of the threats to
be addressed, which permitted parallel development
of these documents, by different sets of authors.
Document Quality
The document is clearly written and well organized.
Personnel
Alexey Melnikov is the Document Shepherd.
Stewart Bryant is the Responsible Area Director.
RFC Editor Note
Please Delete:
"8. Acknowledgements
TBD
"