Hi Harald, On Dec 14, 2013, at 4:49 AM, Harald Michl <harald.michl@univie.ac.at> wrote:
I also wonder which attributes will be signed in a more secure BGP environment in the long run. If the origin attribute is going to be one of these parameters then signature-checks will/would fail...
This has been addressed already in SIDR WG: "A chair consensus statement on the BGP ORIGIN Attribute The ORIGIN attribute has been discussed in the working group several times. One view is that the ORIGIN attribute, according to the BGP specification, is supposed to be set at the originating AS and “SHOULD NOT” be reset by other ASs. In this view, changing the ORIGIN was a threat of traffic attraction and so the source authentication and integrity of this attribute should be protected throughout its propagation. The opposing view was that the original purpose for this attribute (ie, conveying the state at the originating AS) has been obsolete for a very long time, and that operators have re-purposed this attribute to their use and that that use (altering the ORIGIN) was legitimate, common and important to them. In this view, altering the ORIGIN should not be prohibited by the security protections. The rough consensus of the working group is that the current operational use and the ability to change the ORIGIN attribute should not be included in the threats that must be countered by the security protections. --Sandy, speaking for the co-chairs” http://www.ietf.org/mail-archive/web/sidr/current/msg06013.html Cheers, -dorian