Threat Model for BGP Path Security
RFC 7132, “Threat Model for BGP Path Security”, is an Informational document published in February 2014 by S. Kent and A. Chi. The canonical text is published by the RFC Editor.
Abstract
This document describes a threat model for the context in which External Border Gateway Protocol (EBGP) path security mechanisms will be developed. The threat model includes an analysis of the Resource Public Key Infrastructure (RPKI) and focuses on the ability of an Autonomous System (AS) to verify the authenticity of the AS path info received in a BGP update. We use the term "PATHSEC" to refer to any BGP path security technology that makes use of the RPKI. PATHSEC will secure BGP, consistent with the inter-AS security focus of the RPKI.
The document characterizes classes of potential adversaries that are considered to be threats and examines classes of attacks that might be launched against PATHSEC. It does not revisit attacks against unprotected BGP, as that topic has already been addressed in the BGP-4 standard. It concludes with a brief discussion of residual vulnerabilities.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 7132 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 7131 Session Initiation Protocol History-Info Header Call Flow Examples
- RFC 7133 Information Elements for Data Link Layer Traffic Measurement
- RFC 7130 Bidirectional Forwarding Detection on Link Aggregation Group Interfaces
- RFC 7134 The Management Policy of the Resource Priority Header Registry Changed to "IETF Review"
- RFC 7129 Authenticated Denial of Existence in the DNS
- RFC 7135 Registering a SIP Resource Priority Header Field Namespace for Local Emergency Communications
- RFC 7128 Resource Public Key Infrastructure Router Implementation Report
- RFC 7136 Significance of IPv6 Interface Identifiers