MaxLength considered harmful to the RPKI

Yossi Gilad, Omar Sagga, Sharon Goldberg

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

22 Scopus citations

Abstract

User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI), a security infrastructure built on top of interdomain routing, is not immune to this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. Our network measurements, however, suggest that the maxLength attribute strikes the wrong balance between security and user convenience. We therefore believe that operators should avoid using maxLength. We give operational recommendations and develop software that allow operators to reap many of the benefits of maxLength without its security costs.

Original languageAmerican English
Title of host publicationCoNEXT 2017 - Proceedings of the 2017 13th International Conference on emerging Networking EXperiments and Technologies
PublisherAssociation for Computing Machinery, Inc
Pages101-107
Number of pages7
ISBN (Electronic)9781450354226
DOIs
StatePublished - 28 Nov 2017
Externally publishedYes
Event13th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2017 - Incheon, Korea, Republic of
Duration: 12 Dec 201715 Dec 2017

Publication series

NameCoNEXT 2017 - Proceedings of the 2017 13th International Conference on emerging Networking EXperiments and Technologies

Conference

Conference13th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2017
Country/TerritoryKorea, Republic of
CityIncheon
Period12/12/1715/12/17

Bibliographical note

Publisher Copyright:
© 2017 ACM.

Keywords

  • Bgp
  • Interdomain routing security
  • RPKI

Fingerprint

Dive into the research topics of 'MaxLength considered harmful to the RPKI'. Together they form a unique fingerprint.

Cite this