Communications Security, Reliability and Interoperability Council (CSRIC), Working Group 6, Secure BGP Deployment Report (Mar. 2012) (full-text.)
The Border Gateway Protocol (BGP) controls inter-domain routing on the Internet. BGP relies on trust among operators of gateway routers to ensure the integrity of the Internet routing infrastructure. Over the years, this trust has been compromised on a number of occasions, both accidentally and maliciously, revealing fundamental weaknesses of this critical infrastructure.
This Report recommends the framework for industry regarding incremental adoption of secure routing procedures and protocols based on existing work in industry and research. The framework will include specific technical procedures and protocols. The framework will be proposed in a way suitable for opt-in by Internet Service Providers (ISPs) in order to create incentives for a wider scale, incremental ISP deployment of secure BGP protocols and practices in a market-driven, cost-effective manner.
Although the working group's mission statement addresses ISPs, all network operators participating in inter-domain routing on the Internet should be concerned about BGP security. As such, the group's recommendations apply not only to ISPs, but also to content providers, enterprise networks, and other stakeholders in the global Internet routing system. In addition, as BGP is the glue that holds the disparate parts of the Internet together, global adoption of a security solution must be weighed against the primary goal of ensuring a robust and reliable system. Since the routing system has no central authority, and the many constituent networks have different objectives and business concerns, any viable security solution must preserve the local autonomy of these networks.