Search RFCs
RFC 7132
Threat Model for BGP Path Security,February 2014
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7132
Discuss this RFC: Send questions or comments to the mailing listsidr@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7132
Abstract
This document describes a threat model for the context in whichExternal Border Gateway Protocol (EBGP) path security mechanisms willbe developed. The threat model includes an analysis of the ResourcePublic Key Infrastructure (RPKI) and focuses on the ability of anAutonomous System (AS) to verify the authenticity of the AS path inforeceived in a BGP update. We use the term "PATHSEC" to refer to anyBGP path security technology that makes use of the RPKI. PATHSECwill secure BGP, consistent with the inter-AS security focus of theRPKI.
The document characterizes classes of potential adversaries that areconsidered to be threats and examines classes of attacks that mightbe launched against PATHSEC. It does not revisit attacks againstunprotected BGP, as that topic has already been addressed in theBGP-4 standard. It concludes with a brief discussion of residualvulnerabilities.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.