The fix for BGP's weaknesses has big, scary, issues of its own, boffins find
The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.
RPKI was designed to fix problems caused by the fact that Border Gateway Protocol (BGP) – the protocol that manages the routes traffic can traverse across the internet – was not secure by design. The newer protocol theoretically fixes that by adding Route Origin Validation (ROV) and Route Origin Authorization (ROA) – techniques that let network operators verify that advertised routes are authentic and represent accurate BGP announcements.
In early September, the White House made RPKI part of its Roadmap to Enhancing Internet Routing Security – an initiative US national cyber director Harry Coker, Jr, said would "mitigate a longstanding vulnerability and lead to a more secure internet that is vital to our national security and the economic prosperity of all Americans."
And the rest of us, too, given that one impact of an attack on BGP could be to re-route traffic away from a website's actual address to another that hosts malware.
