Paper 2016/1015

MaxLength Considered Harmful to the RPKI

Yossi Gilad, Omar Sagga, and Sharon Goldberg

Abstract

User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI) [8], a security infrastructure built on top of interdomain routing, is not exempt from this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. However, we argue that the maxLength attribute strikes the wrong balance between security and user convenience. In particular, we argue that maxLength is commonly configured in a manner that either obviates the security benefits provided by the RPKI or causes legitimate routes to appear invalid, without providing performance improvements. Therefore, we argue that the maxLength attribute should be eliminated from the RPKI.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. Minor revision.
Keywords
Routing security, public key infrastructure
Contact author(s)
yossig2 @ gmail com
History
2017-11-04: last of 8 revisions
2016-10-27: received
Short URL
https://ia.cr/2016/1015
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1015,
      author = {Yossi Gilad and Omar Sagga and Sharon Goldberg},
      title = {MaxLength Considered Harmful to the RPKI},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1015},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/1015}},
      url = {https://eprint.iacr.org/2016/1015}
}