nanog mailing list archives

Re: Incrementally deployable secure Internet routing: operator survey


From: Jeff Tantsura <jefftant.ietf () gmail com>
Date: Fri, 17 Dec 2021 14:02:39 -0800

Adrian,

//Speaking as RTGWG co-chair

As communicated to SCION proponents before, a detailed presentation at IETF RTGWG would be a good starting point.
Please consider doing so at the upcoming IETF113.
The best way is to subscribe to the rtgwg mailing list and respond to the chairs’ email request for presentations, perhaps you’d 
also want to respond to comments/questions after the presentation, being subscribed would facilitate that.
Usually we’d prefer a draft to allow for a presentation, however, for the intro (unless you would actually go ahead and 
write an architecture draft), we’d be ok with just a presentation.

Please let me know if you have got any questions.


Cheers,
Jeff

On Dec 17, 2021, at 12:27, Matt Harris <matt () netfire net> wrote:


      
On Fri, Dec 17, 2021 at 12:51 PM Adrian Perrig <perrig () gmail com> wrote:

Dear Nanog, 

Knowing how challenging it is to apply new technologies to current networks, in a collaboration between ETH, 
Princeton University, and University of Virginia, we constructed a system that provides security benefits for 
current Internet users while requiring minimal changes to networks. Our design can be built on top of the existing 
Internet to prevent routing attacks that can compromise availability and cause detrimental impacts on critical 
infrastructure – even given a low adoption rate. This provides benefits over other proposed approaches such as RPKI 
that only protects a route’s origin first AS, or BGPsec that requires widespread adoption and significant 
infrastructure upgrades.

Our architecture, called Secure Backbone AS (SBAS), allows clients to benefit from emerging secure routing 
deployments like SCION by tunneling into a secure infrastructure. SBAS provides substantial routing security 
improvements when retrofitted to the current Internet. It also provides benefits even to non-participating networks 
and endpoints when communicating with an SBAS-protected entity.

Our ultimate aim is to develop and deploy SBAS beyond an experimental scope. We have designed a survey to capture 
the impressions of the network operator community on the feasibility and viability of our design. The survey is 
anonymous and takes about 10 minutes to complete, including watching a brief 3-minute introductory video. 

https://docs.google.com/forms/d/e/1FAIpQLSc4VCkqd7i88y0CbJ31B7tVXyxBlhEy_zsYZByx6tsKAE7ROg/viewform?usp=pp_url&entry.549791324=NANOG+mailing+list

We thank you for helping inform our further work on this project. We will be happy to share the results with the 
community.

With kind regards
  Prateek Mittal, Adrian Perrig, Yixin Sun

Adrian,
After viewing the video you included, I'm still not sure what SCION is or how it works (as best I can tell, a bunch 
of folks get together, share an AS border, and just do private AS peering with one another inside, then the shared AS 
border does the internet advertising of whatever public networks they wish?), but it sounds like your proposed 
monolithic new exercise wouldn't offer much beyond what could be done by allowing folks to get a default route VPN to 
a provider that does strict AS border RPKI ROV already. Can you describe how this would be better or stronger 
protection from any given attack than that, in a meaningful enough way as to make it worth potentially creating 
massive bureaucracies and new technical systems which seems to rely on massive networks of VPNs overlaid over the 
existing public internet? 

- mdh

