Abstract
User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI), a security infrastructure built on top of interdomain routing, is not immune to this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. Our network measurements, however, suggest that the maxLength attribute strikes the wrong balance between security and user convenience. We therefore believe that operators should avoid using maxLength. We give operational recommendations and develop software that allow operators to reap many of the benefits of maxLength without its security costs.
Original language | English |
---|---|
Title of host publication | CoNEXT 2017 - Proceedings of the 2017 13th International Conference on emerging Networking EXperiments and Technologies |
Publisher | Association for Computing Machinery, Inc |
Pages | 101-107 |
Number of pages | 7 |
ISBN (Electronic) | 9781450354226 |
DOIs | |
State | Published - 28 Nov 2017 |
Externally published | Yes |
Event | 13th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2017 - Incheon, Korea, Republic of Duration: 12 Dec 2017 → 15 Dec 2017 |
Publication series
Name | CoNEXT 2017 - Proceedings of the 2017 13th International Conference on emerging Networking EXperiments and Technologies |
---|
Conference
Conference | 13th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2017 |
---|---|
Country/Territory | Korea, Republic of |
City | Incheon |
Period | 12/12/17 → 15/12/17 |
Bibliographical note
Publisher Copyright:© 2017 ACM.
Keywords
- Bgp
- Interdomain routing security
- RPKI