Paper 2016/1015
MaxLength Considered Harmful to the RPKI
Yossi Gilad, Omar Sagga, and Sharon Goldberg
Abstract
User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI) [8], a security infrastructure built on top of interdomain routing, is not exempt from this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. However, we argue that the maxLength attribute strikes the wrong balance between security and user convenience. In particular, we argue that maxLength is commonly configured in a manner that either obviates the security benefits provided by the RPKI or causes legitimate routes to appear invalid, without providing performance improvements. Therefore, we argue that the maxLength attribute should be eliminated from the RPKI.
Metadata
- Category
- Applications
- Publication info
- Preprint. MINOR revision.
- Keywords
- Routing security, public key infrastructure
- Contact author(s)
- yossig2 @ gmail com
- History
- 2017-11-04: last of 8 revisions
- 2016-10-27: received
- Short URL
- https://ia.cr/2016/1015
- License
- CC BY
BibTeX
@misc{cryptoeprint:2016/1015,
  author = {Yossi Gilad and Omar Sagga and Sharon Goldberg},
  title = {{MaxLength} Considered Harmful to the {RPKI}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2016/1015},
  year = {2016},
  url = {https://eprint.iacr.org/2016/1015}
}