[cabf_validation] BGP hijacking protections
Tim Hollebeek
tim.hollebeek at digicert.com
Thu Oct 13 19:16:17 UTC 2022
People should also review previous discussions of this issue at CABF. We have had at least two previous long discussions of the issue, one on VWG call and one at a Server Certificate F2F; Shanghai IIRC but I could be wrong. The Princeton folks were even invited to a VWG meeting and presented their results shortly after they published them. So there’s quite a bit of previous discussion out there already.
-Tim
From: Validation <validation-bounces at cabforum.org> On Behalf Of Ben Wilson via Validation
Sent: Thursday, October 13, 2022 2:37 PM
To: Josh Aas <josh at letsencrypt.org>
Cc: CABforum3 <validation at cabforum.org>
Subject: Re: [cabf_validation] BGP hijacking protections
Great, thanks!
On Thu, Oct 13, 2022, 10:44 AM Josh Aas <josh at letsencrypt.org<mailto:josh at letsencrypt.org>> wrote:
Great timing for this question. We are working with the folks from Princeton on a proposal that we plan to send to this list in the next couple of months.
On Thu, Oct 13, 2022 at 12:26 PM Ben Wilson via Validation <validation at cabforum.org<mailto:validation at cabforum.org>> wrote:
All,
Do we need to somehow add something in the BRs to better protect subscribers against BGP hijacking? See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/lxiA7zcKLws/m/-1imDKu4AQAJ and https://www.coinbase.com/blog/celer-bridge-incident-analysis. Is there something that CAs and subscribers can arrange ahead of time to prevent this kind of attack from succeeding? Could the CA/Browser Forum adopt something in the BRs that would be of benefit?
Thanks,
Ben
_______________________________________________
Validation mailing list
Validation at cabforum.org<mailto:Validation at cabforum.org>
https://lists.cabforum.org/mailman/listinfo/validation
--
Josh Aas
Executive Director
Internet Security Research Group
Let's Encrypt: A Free, Automated, and Open CA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20221013/36226a8b/attachment-0001.html>
More information about the Validation
mailing list