MaxLength considered harmful to the RPKI
Date
2017
Authors
Gilad, Yossi
Sagga, Omar
Goldberg, Sharon
Version
Published version
Citation
Yossi Gilad, Omar Sagga, and Sharon Goldberg. 2017. MaxLength Considered
Harmful to the RPKI. In Proceedings of CoNEXT ’17, Incheon, Republic of
Korea, December 12–15, 2017, 7 pages.
DOI: 10.1145/3143361.3143363
Abstract
User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI), a security infrastructure built on top of interdomain routing, is not immune to this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. Our network measurements, however, suggest that the maxLength attribute strikes the wrong balance between security and user convenience. We therefore believe that operators should avoid using maxLength. We give operational recommendations and develop software that allow operators to reap many of the benefits of maxLength without its security costs.
Description
License
© 2017 ACM. Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for profit or commercial advantage and that copies bear this notice and the full citation
on the first page. Copyrights for components of this work owned by others than ACM
must be honored. Abstracting with credit is permitted. To copy otherwise, or republish,
to post on servers or to redistribute to lists, requires prior special permission and/or a
fee. Request permissions from permissions@acm.org.
CoNEXT ’17, Incheon, Republic of Korea