Cryptology ePrint Archive: Report 2016/1015

MaxLength Considered Harmful to the RPKI

Yossi Gilad and Omar Sagga and Sharon Goldberg

Abstract: User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI) [8], a security infrastructure built on top of interdomain routing, is not exempt from this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks with- out modifying their RPKI objects. However, we argue that the maxLength attribute strikes the wrong balance between security and user convenience. In particular, we argue that maxLength is commonly configured in a manner that either obviates the security benefis provided by the RPKI or causes legitimate routes to appear invalid, without providing performance improvements. Therefore, we argue that the maxLength attribute should be eliminated from the RPKI.

Category / Keywords: applications / Routing security, public key infrastructure

Date: received 25 Oct 2016, last revised 28 Nov 2016

Contact author: yossig2 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20161129:010156 (All versions of this report)

Short URL: ia.cr/2016/1015

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]