BBN Technologies Internetwork Research Department

Selected Internet Drafts

Secure BGP (S-BGP)
Charles Lynn, Joanne Mikkelson, Karen Seo, draft-clynn-s-bgp-protocol-00.txt, October 1999.
Abstract
The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems (ASes), is a critical component of the Internet's routing infrastructure. It is highly vulnerable to a variety of malicious attacks both in theory and in practice, due to the lack of a scalable means of verifying the authenticity and legitimacy of BGP control traffic. This document is a protocol specification for Secure BGP (S-BGP), an extension to BGP-4. S-BGP adheres to the principle of least privilege and uses countermeasures that create an authentication and authorization system that addresses most of the security problems associated with BGP. To facilitate adoption and deployment, S-BGP is designed to minimize the overhead (processing, bandwidth, storage) added by its

X.509 Extensions for Authorization of IP Addresses, AS Numbers, and Routers within an AS
Charles Lynn, draft-clynn-bgp-x509-auth-01.txt, October 1999.
Abstract
This document defines three X.509 v3 Certificate Extensions. The first binds a list of IP Address blocks to the public key of the subject of a certificate. The second binds a list of Autonomous System Numbers to the public key of the subject of a certificate. The third binds a BGP Router Identifier and an Autonomous System Number to the public key of the subject of a certificate. Third parties, e.g., BGP routers, may use these certificates to verify that the holder of the private key corresponding to the public key in the certificate has been properly authorized to use resources specified in the certificate extension.

Evaluation of COPS/PIB and SNMP/MIB Approaches for Configuration Management of IP-based Networks
Luis Sanchez, Keith McCloghrie, Jon Saperia, draft-ops-mumble-conf_management-03.txt, October 22, 1999.
Abstract
This document is the output of a design team chartered with the identification of a global set of configuration management requirements for IP-based networks. The document includes evaluations of the COPS/PIB and SNMP/MIB based approaches with respect to these requirements. In addition, the document discusses possible enhancements to both of these approaches and includes evaluations of the costs associated with their development and deployment.

New Protocols to Support Internet Traceback
C. Partridge, C. Jones, D. Waitzman, A. Snoeren, draft-partridge-ippt-discuss-00.txt, 14 November 2001.
Abstract
A discussion of the protocol issues involved in developing a protocol to support packet traceback, where tracing involves querying space-efficient packet logs which are kept in various locations in the network.
