database logo graphic

RFC 7132

"Threat Model for BGP Path Security", February 2014

Canonical URL:
http://www.rfc-editor.org/rfc/rfc7132.txt
This document is also available in this non-normative format: PDF.
Status:
INFORMATIONAL
Authors:
S. Kent
A. Chi
Stream:
IETF
Source:
sidr (rtg)

Cite this RFC: TXT  |  XML

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document describes a threat model for the context in which External Border Gateway Protocol (EBGP) path security mechanisms will be developed. The threat model includes an analysis of the Resource Public Key Infrastructure (RPKI) and focuses on the ability of an Autonomous System (AS) to verify the authenticity of the AS path info received in a BGP update. We use the term "PATHSEC" to refer to any BGP path security technology that makes use of the RPKI. PATHSEC will secure BGP, consistent with the inter-AS security focus of the RPKI. The document characterizes classes of potential adversaries that are considered to be threats and examines classes of attacks that might be launched against PATHSEC. It does not revisit attacks against unprotected BGP, as that topic has already been addressed in the BGP-4 standard. It concludes with a brief discussion of residual vulnerabilities.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Go to the RFC Editor Homepage.