Safer network traffic, but with potential side effects

With the further development of the "secure routing" concept, the debate around the potential consequences of centralising the inherently decentralised routing system has been rekindled. At the RIPE 62 (Réseaux IP Européens) meeting in Amsterdam, Internet Initiative Japan (IIJ) has presented its preliminary research for a secure Border Gateway Protocol, BGPsec. In addition to providing secure sources via a routing PKI, the protocol is to offer certificates that secure the path of the routed data. The concept is designed to prevent re-routing attacks, and, in the view of the internet registry, RPKI-certified addresses increase the security of business transactions.

BGPsec can reportedly prevent man-in-the-middle attacks that might be possible despite certified source addresses. In the future, every BGPsec-enabled router would "sign" data packets before passing them on in order to document that it actually sent the data to the next recipient. The experts say that only then would the entire path from the already certified sender to the recipient be secure.

Ultimately, BGPsec would allow routing system participants to determine their own risk levels when receiving and passing on data traffic, says German Telekom's Rüdiger Volk. In principle, both transmitting data without validation and accepting data where validation has failed will be possible, he added. Volk said that care is taken in standardisation to ensure that such policies don't become part of the technical standard.

The secure routing topic has repeatedly sparked fundamental debates about the potential side effects of stricter routing regulations. The RIPE NCC has issued IP address block certificates since January. In Amsterdam, Malcolm Hutty from the London-based LINX internet exchange renewed his warning that revoked certificates could cause network exchanges to be regarded as second-rate or even, with strict protocol interpretation, to be removed from the network altogether. Hutty fears that public authorities and law courts could demand that internet registries revoke certificates and advocates a more decentralised way of securing the routing system.

Initially, the five Regional Internet Registries (RIRs) had decided to decentralise, at least in so far as to allow each RIR to be a trusted certificate root within its own region. This would currently mean that the databases of all five RIRs would need to be queried to obtain validation. However, the registries have since started a discussion with the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Assigned Numbers Authority (IANA) (which are currently controlled by the US government) about a central root for all routing certificates.

"We are approaching a point where we need to decide what the internet will look like in future", said Hutty. Randy Bush shares his view. The Internet Initiative Japan representative defended the hierarchical certification structure, which he said simply mirrors the administrative structure of the internet registry system. Bush said that only a Regional Internet Registry can tell which numbers it has assigned to whom, and that there is no network structure for certificate allocation.

(Monika Ermert / ehe)