{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T10:09:46Z","timestamp":1766138986345,"version":"3.44.0"},"reference-count":101,"publisher":"Association for Computing Machinery (ACM)","issue":"CoNEXT4","license":[{"start":{"date-parts":[[2024,11,25]],"date-time":"2024-11-25T00:00:00Z","timestamp":1732492800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"FRFS-WEL-T"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Netw."],"published-print":{"date-parts":[[2024,12]]},"abstract":"BGP distributes prefixes advertised by Autonomous Systems (ASes) and computes the best paths between them. It is the only routing protocol used to exchange interdomain routes on the Internet. Since its original definition in the late 1980s, BGP uses TCP. To prevent attacks, BGP has been extended with features such as TCP-MD5, TCP-AO, GTSM and data-plane filters. However, these ad hoc solutions were introduced gradually as the Internet grew. In parallel, TLS was standardized to secure end-to-end data-plane communications. Today, a large proportion of the Internet traffic is secured using TLS. Surprisingly, BGP still does not use TLS despite its adequate security features to establish BGP sessions. In this paper, we make the case for using a secure transport with BGP. This can be achieved with TLS combined with TCP-AO or by replacing TCP by QUIC. This protects the BGP stream using established secure transport protocols. In addition, we show that a secure transport using X.509 certificates enables BGP routers to be securely and automatically configured from these certificates. We extend the open-source BIRD BGP daemon to support TLS with TCP-AO and QUIC, to handle such certificates and demonstrate several use cases that benefit from the secure and automated capabilities enabled by our proposal.<\/jats:p>","DOI":"10.1145\/3696406","type":"journal-article","created":{"date-parts":[[2024,11,25]],"date-time":"2024-11-25T11:15:47Z","timestamp":1732533347000},"page":"1-23","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["The Multiple Benefits of a Secure Transport for BGP"],"prefix":"10.1145","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-9746-3991","authenticated-orcid":false,"given":"Thomas","family":"Wirtgen","sequence":"first","affiliation":[{"name":"ICTEAM, UCLouvain & WEL Research Institute, Louvain-la-Neuve, Walloon Brabant, BE"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4264-1706","authenticated-orcid":false,"given":"Nicolas","family":"Rybowski","sequence":"additional","affiliation":[{"name":"ICTEAM, UCLouvain & WEL Research Institute, Louvain-la-Neuve, Walloon Brabant, Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5334-6361","authenticated-orcid":false,"given":"Cristel","family":"Pelsser","sequence":"additional","affiliation":[{"name":"ICTEAM, UCLouvain, Louvain-la-Neuve, Walloon Brabant, Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6717-0296","authenticated-orcid":false,"given":"Olivier","family":"Bonaventure","sequence":"additional","affiliation":[{"name":"ICTEAM, UCLouvain & WEL Research Institute, Louvain-la-Neuve, Walloon Brabant, Belgium"}]}],"member":"320","published-online":{"date-parts":[[2024,11,25]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363192"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3618257.3624840"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","unstructured":"Christopher Allen and Tim Dierks. 1999. The TLS Protocol Version 1.0. RFC 2246. https:\/\/doi.org\/10.17487\/RFC2246","DOI":"10.17487\/RFC2246"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3639029"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.29"},{"key":"e_1_2_1_6_1","unstructured":"Alexander Azimov Eugene Bogomazov Randy Bush Keyur Patel Job Snijders and Kotikalapudi Sriram. 2024. BGP AS_PATH Verification Based on Autonomous System Provider Authorization (ASPA) Objects. Internet-Draft draft-ietf-sidrops-aspa-verification-17. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ietf-sidrops-aspa-verification\/17\/ Work in Progress."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","unstructured":"Fred Baker Chris Bowers and Jen Linkova. 2019. Enterprise Multihoming using Provider-Assigned IPv6 Addresses without Network Prefix Translation: Requirements and Solutions. RFC 8678. https:\/\/doi.org\/10.17487\/RFC8678","DOI":"10.17487\/RFC8678"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","unstructured":"Steven Bellovin. 2007. Key Change Strategies for TCP-MD5. RFC 4808. https:\/\/doi.org\/10.17487\/RFC4808","DOI":"10.17487\/RFC4808"},{"key":"e_1_2_1_9_1","unstructured":"Ondvrej Benkovsk\u00fd. 2024. CLI tool for a high QPS DNS benchmark. https:\/\/tantalor93.github.io\/dnspyre\/."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2014.51"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","unstructured":"Mike Bishop. 2022. HTTP\/3. RFC 9114. https:\/\/doi.org\/10.17487\/RFC9114","DOI":"10.17487\/RFC9114"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","unstructured":"Martin Bj\u00f6rklund. 2016. The YANG 1.1 Data Modeling Language. RFC 7950. https:\/\/doi.org\/10.17487\/RFC7950","DOI":"10.17487\/RFC7950"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","unstructured":"Sharon Boeyen Stefan Santesson Tim Polk Russ Housley Stephen Farrell and David Cooper. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280. https:\/\/doi.org\/10.17487\/RFC5280","DOI":"10.17487\/RFC5280"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3603269.3604866"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","unstructured":"Randy Bush and Russ Housley. 2022. The 'I' in RPKI Does Not Stand for Identity. RFC 9255. https:\/\/doi.org\/10.17487\/RFC9255","DOI":"10.17487\/RFC9255"},{"key":"e_1_2_1_16_1","unstructured":"Randy Bush Russ Housley Rob Austein Susan Hares and Keyur Patel. 2023. Layer-3 Neighbor Discovery. Internet-Draft draft-ymbk-idr-l3nd-06. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ymbk-idr-l3nd\/06\/ Work in Progress."},{"key":"e_1_2_1_17_1","unstructured":"Randy Bush and Keyur Patel. 2023. L3ND Upper-Layer Protocol Configuration. Internet-Draft draft-ymbk-idr-l3nd-ulpc-07. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ymbk-idr-l3nd-ulpc\/07\/ Work in Progress."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2009.2034031"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.23919\/TMA.2019.8784511"},{"key":"e_1_2_1_20_1","unstructured":"Cisco Press. 2005. IPSec Authentication and Authorization Models. https:\/\/www.ciscopress.com\/articles\/article.asp?p=421514&seqNum=4"},{"key":"e_1_2_1_21_1","unstructured":"Cisco System Inc. 2024. Cisco Secure Firewall ASA Series Command Reference A-H Commands. https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/asa\/asa-cli-reference\/A-H\/asa-command-ref-A-H\/crypto-a-to-crypto-ir-commands.html#wp2386520637"},{"key":"e_1_2_1_22_1","unstructured":"CZ.NIC Labs. 2022. The BIRD Internet Routing Daemon Project. https:\/\/bird.network.cz\/"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2005.09.013"},{"key":"e_1_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Jason A Donenfeld. 2017. Wireguard: next generation kernel network tunnel.. In NDSS. 1--12.","DOI":"10.14722\/ndss.2017.23160"},{"key":"e_1_2_1_25_1","unstructured":"Madory Doug. 2024. RPKI ROV Deployment Reaches Major Milestone. https:\/\/web.archive.org\/web\/20240606161717\/https:\/\/manrs.org\/2024\/05\/rpki-rov-deployment-reaches-major-milestone\/ Accessed: 2024-06-06."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","unstructured":"Jerome Durand Ivan Pepelnjak and Gert D\u00f6ring. 2015. BGP Operations and Security. RFC 7454. https:\/\/doi.org\/10.17487\/RFC7454","DOI":"10.17487\/RFC7454"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2011.5935139"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","unstructured":"M Fanto Randall Atkinson Michael Barnes Vishwas Manral Russ White Tony Li and Manav Bhatia. 2009. OSPFv2 HMAC-SHA Cryptographic Authentication. RFC 5709. https:\/\/doi.org\/10.17487\/RFC5709","DOI":"10.17487\/RFC5709"},{"volume-title":"OpenVPN: Building and Integrating Virtual Private Networks: Learn How to Build Secure VPNs Using This Powerful Open Source Application","author":"Feilner Markus","key":"e_1_2_1_29_1","unstructured":"Markus Feilner. 2006. OpenVPN: Building and Integrating Virtual Private Networks: Learn How to Build Secure VPNs Using This Powerful Open Source Application. Packt Publishing."},{"key":"e_1_2_1_30_1","volume-title":"Measuring HTTPS Adoption on the Web. In 26th USENIX Security Symp. (USENIX Security 17)","author":"Felt Adrienne Porter","year":"2017","unstructured":"Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring HTTPS Adoption on the Web. In 26th USENIX Security Symp. (USENIX Security 17). USENIX Association, Vancouver, BC, 1323--1338. https:\/\/www.usenix.org\/Conf.\/usenixsecurity17\/technical-sessions\/presentation\/felt"},{"key":"e_1_2_1_31_1","volume-title":"12th USENIX Symp. on Networked Systems Design and Implementation (NSDI 15)","author":"Fogel Ari","year":"2015","unstructured":"Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. A general approach to network configuration analysis. In 12th USENIX Symp. on Networked Systems Design and Implementation (NSDI 15). 469--483."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","unstructured":"Alan Ford Costin Raiciu Mark J. Handley Olivier Bonaventure and Christoph Paasch. 2020. TCP Extensions for Multipath Operation with Multiple Addresses. RFC 8684. https:\/\/doi.org\/10.17487\/RFC8684","DOI":"10.17487\/RFC8684"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","unstructured":"Paul Ford-Hutchinson. 2005. Securing FTP with TLS. RFC 4217. https:\/\/doi.org\/10.17487\/RFC4217","DOI":"10.17487\/RFC4217"},{"key":"e_1_2_1_34_1","unstructured":"Fortinet Inc. 2024. Site-to-site IPsec VPN with certificate authentication. https:\/\/docs.fortinet.com\/document\/fortigate\/5.6.0\/cookbook\/530530\/site-to-site-ipsec-vpn-with-certificate-authentication"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","unstructured":"Sheila Frankel and Suresh Krishnan. 2011. IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap. RFC 6071. https:\/\/doi.org\/10.17487\/RFC6071","DOI":"10.17487\/RFC6071"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCOMM.2019.2945964"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2020.3025945"},{"key":"e_1_2_1_38_1","first-page":"156","article-title":"Working around BGP: an incremental approach to improving security and accuracy in interdomain routing","volume":"23","author":"Goodell Geoffrey","year":"2003","unstructured":"Geoffrey Goodell, William Aiello, Timothy Griffin, John Ioannidis, Patrick D McDaniel, and Aviel D Rubin. 2003. Working around BGP: an incremental approach to improving security and accuracy in interdomain routing.. In NDSS, Vol. 23. 156.","journal-title":"NDSS"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2003.1248660"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","unstructured":"Andy Heffernan. 1998. Protection of BGP Sessions via the TCP MD5 Signature Option. RFC 2385. https:\/\/doi.org\/10.17487\/RFC2385","DOI":"10.17487\/RFC2385"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","unstructured":"Russ Housley Tim Polk Dr. Warwick S. Ford and David Solo. 2002. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280. https:\/\/doi.org\/10.17487\/RFC3280","DOI":"10.17487\/RFC3280"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015488"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2050"},{"key":"e_1_2_1_44_1","unstructured":"Chritsian Huitema. 2022. Minimal implementation of the QUIC protocol. https:\/\/github.com\/private-octopus\/picoquic."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","unstructured":"Christian Huitema Sara Dickinson and Allison Mankin. 2022. DNS over Dedicated QUIC Connections. RFC 9250. https:\/\/doi.org\/10.17487\/RFC9250","DOI":"10.17487\/RFC9250"},{"key":"e_1_2_1_46_1","unstructured":"Geoff Huston. 2024. BGP in 2023 -- Have we reached Peak IPv4? https:\/\/www.potaroo.net\/ispcol\/2024-01\/bgp2023.html."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC6483"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2011.041010.00041"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9000"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2006.320179"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","unstructured":"Charlie Kaufman. 2005. Internet Key Exchange (IKEv2) Protocol. RFC 4306. https:\/\/doi.org\/10.17487\/RFC4306","DOI":"10.17487\/RFC4306"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","unstructured":"Stephen Kent. 2005 a. IP Authentication Header. RFC 4302. https:\/\/doi.org\/10.17487\/RFC4302","DOI":"10.17487\/RFC4302"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","unstructured":"Stephen Kent. 2005 b. IP Encapsulating Security Payload (ESP). RFC 4303. https:\/\/doi.org\/10.17487\/RFC4303","DOI":"10.17487\/RFC4303"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/49.839934"},{"key":"e_1_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Stephen T Kent Charles Lynn Joanne Mikkelson and Karen Seo. 2000 b. Secure Border Gateway Protocol (S-BGP)-Real World Performance and Deployment Issues.. In NDSS.","DOI":"10.1109\/49.839934"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","unstructured":"Gregory M. Lebovitz Manav Bhatia and Brian Weis. 2013. Keying and Authentication for Routing Protocols (KARP) Overview Threats and Requirements. RFC 6862. https:\/\/doi.org\/10.17487\/RFC6862","DOI":"10.17487\/RFC6862"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","unstructured":"Matt Lepinski and Stephen Kent. 2012. An Infrastructure to Support Secure Internet Routing. RFC 6480. https:\/\/doi.org\/10.17487\/RFC6480","DOI":"10.17487\/RFC6480"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","unstructured":"Matt Lepinski and Kotikalapudi Sriram. 2017. BGPsec Protocol Specification. RFC 8205. https:\/\/doi.org\/10.17487\/RFC8205","DOI":"10.17487\/RFC8205"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2784"},{"key":"e_1_2_1_60_1","volume-title":"Olivier Bonaventure, Christian Huitema, and Mirja K\u00fchlewind.","author":"Liu Yanmei","year":"2024","unstructured":"Yanmei Liu, Yunfei Ma, Quentin De Coninck, Olivier Bonaventure, Christian Huitema, and Mirja K\u00fchlewind. 2024. Multipath Extension for QUIC. Internet-Draft draft-ietf-quic-multipath-08. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ietf-quic-multipath\/08\/ Work in Progress."},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","unstructured":"Kirk Lougheed and Yakov Rekhter. 1989. Border Gateway Protocol (BGP). RFC 1105. https:\/\/doi.org\/10.17487\/RFC1105","DOI":"10.17487\/RFC1105"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/964725.633027"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2024.3375898"},{"key":"e_1_2_1_64_1","unstructured":"Microsoft. 2022. MsQuic: Cross-platform C implementation of the IETF QUIC protocol exposed to C C C# and Rust. https:\/\/github.com\/microsoft\/msquic."},{"key":"e_1_2_1_65_1","volume-title":"European Symp. on Research in Computer Security. 107--127","author":"Cristel Pelsser Miller","year":"2019","unstructured":"Lo\"ic Miller and Cristel Pelsser. 2019. A Taxonomy of Attacks Using BGP Blackholing. In European Symp. on Research in Computer Security. 107--127."},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3652963.3655051"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","unstructured":"Sandra L. Murphy. 2006. BGP Security Vulnerabilities Analysis. RFC 4272. https:\/\/doi.org\/10.17487\/RFC4272","DOI":"10.17487\/RFC4272"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355593"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487838"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","unstructured":"Chris Newman. 1999. Using TLS with IMAP POP3 and ACAP. RFC 2595. https:\/\/doi.org\/10.17487\/RFC2595","DOI":"10.17487\/RFC2595"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","unstructured":"Yoshifumi Nishida Preethi Natarajan Armando L. Caro Paul D. Amer and karen Nielsen. 2016. SCTP-PF: A Quick Failover Algorithm for the Stream Control Transmission Protocol. RFC 7829. https:\/\/doi.org\/10.17487\/RFC7829","DOI":"10.17487\/RFC7829"},{"key":"e_1_2_1_72_1","unstructured":"Arnis Parsovs. 2013. Practical Issues with TLS Client Certificate Authentication. Cryptology ePrint Archive Paper 2013\/538. https:\/\/eprint.iacr.org\/2013\/538 https:\/\/eprint.iacr.org\/2013\/538."},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","unstructured":"Carlos Pignataro Pekka Savola David Meyer Vijay Gill and John Heasley. 2007. The Generalized TTL Security Mechanism (GTSM). RFC 5082. https:\/\/doi.org\/10.17487\/RFC5082","DOI":"10.17487\/RFC5082"},{"key":"e_1_2_1_74_1","unstructured":"Maxime Piraux Olivier Bonaventure and Thomas Wirtgen. 2024. Opportunistic TCP-AO with TLS. Internet-Draft draft-piraux-tcp-ao-tls-01. IETF. https:\/\/datatracker.ietf.org\/doc\/draft-piraux-tcp-ao-tls\/01\/ Work in Progress."},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","unstructured":"Yakov Rekhter John Scudder Srihari R. Sangli Enke Chen and Rex Fernando. 2007. Graceful Restart Mechanism for BGP. RFC 4724. https:\/\/doi.org\/10.17487\/RFC4724","DOI":"10.17487\/RFC4724"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","unstructured":"Eric Rescorla. 2000. HTTP Over TLS. RFC 2818. https:\/\/doi.org\/10.17487\/RFC2818","DOI":"10.17487\/RFC2818"},{"key":"e_1_2_1_77_1","doi-asserted-by":"publisher","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. https:\/\/doi.org\/10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","unstructured":"Eric Rescorla and Tim Dierks. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. https:\/\/doi.org\/10.17487\/RFC5246","DOI":"10.17487\/RFC5246"},{"key":"e_1_2_1_79_1","unstructured":"Alvaro Retana Yingzhen Qu Jeffrey Haas Shuanglong Chen and Jeff Tantsura. 2023. BGP over QUIC. Internet-Draft draft-retana-idr-bgp-quic-01. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-retana-idr-bgp-quic\/01\/ Work in Progress."},{"key":"e_1_2_1_80_1","unstructured":"Alvaro Retana Yingzhen Qu and Jeff Tantsura. 2022. Use of Streams in BGP over QUIC. Internet-Draft draft-retana-idr-bgp-quic-stream-02. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-retana-idr-bgp-quic-stream\/02\/ Work in Progress."},{"key":"e_1_2_1_81_1","unstructured":"Routing Information Service (RIS). 2023. rrc01 snapshot. https:\/\/data.ris.ripe.net\/rrc01\/2023.11\/updates.20231115.1115.gz"},{"key":"e_1_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.23919\/IFIPNetworking62109.2024.10619718"},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","unstructured":"Karen Seo and Stephen Kent. 2005. Security Architecture for the Internet Protocol. RFC 4301. https:\/\/doi.org\/10.17487\/RFC4301","DOI":"10.17487\/RFC4301"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","unstructured":"Daniel Simon Ryan Hurst and Dr. Bernard D. Aboba. 2008. The EAP-TLS Authentication Protocol. RFC 5216. https:\/\/doi.org\/10.17487\/RFC5216","DOI":"10.17487\/RFC5216"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.1996.586129"},{"key":"e_1_2_1_86_1","unstructured":"Job Snijders. 2019. BGP Filter Generator. https:\/\/github.com\/bgp\/bgpq4."},{"key":"e_1_2_1_87_1","unstructured":"Richard Steenbergen. 2006. IRR Power Tools - A utility for managing Internet Routing Registry (IRR) filters. (2006). Presented at NANOG36 https:\/\/archive.nanog.org\/meetings\/nanog36\/presentations\/steenbergen.pdf."},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278557"},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71617-4_2"},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355581"},{"key":"e_1_2_1_91_1","unstructured":"The H2O Project. 2016. TLS 1.3 implementation in C. https:\/\/github.com\/h2o\/picotls."},{"key":"e_1_2_1_92_1","unstructured":"The kernel development community. 2023. TCP Authentication Option Linux implementation (RFC5925). https:\/\/docs.kernel.org\/networking\/tcp%5Fao.html"},{"key":"e_1_2_1_93_1","unstructured":"The kernel development community. 2024. The kernel's command-line parameters. https:\/\/docs.kernel.org\/admin-guide\/kernel-parameters.html"},{"key":"e_1_2_1_94_1","doi-asserted-by":"publisher","unstructured":"Martin Thomson and Sean Turner. 2021. Using TLS to Secure QUIC. RFC 9001. https:\/\/doi.org\/10.17487\/RFC9001","DOI":"10.17487\/RFC9001"},{"key":"e_1_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5925"},{"key":"e_1_2_1_96_1","doi-asserted-by":"publisher","unstructured":"Doughan Turk. 2004. Configuring BGP to Block Denial-of-Service Attacks. RFC 3882. https:\/\/doi.org\/10.17487\/RFC3882","DOI":"10.17487\/RFC3882"},{"key":"e_1_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1007\/11426639_2"},{"key":"e_1_2_1_98_1","unstructured":"Russ White. 2003. Deployment Considerations for Secure Origin BGP (soBGP). Internet-Draft draft-white-sobgp-bgp-deployment-01. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-white-sobgp-bgp-deployment\/01\/ Work in Progress."},{"key":"e_1_2_1_99_1","doi-asserted-by":"crossref","unstructured":"Thomas Wirtgen. 2024. Survey on the configuration of BGP routers. http:\/\/hdl.handle.net\/2078.1\/292356","DOI":"10.1145\/3696406"},{"key":"e_1_2_1_100_1","unstructured":"Thomas Wirtgen and Olivier Bonaventure. 2024. BGP over TLS\/TCP. Internet-Draft draft-wirtgen-bgp-tls-01. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-wirtgen-bgp-tls\/01\/ Work in Progress."},{"key":"e_1_2_1_101_1","unstructured":"Tatu Ylonen. 1995. The SSH (Secure Shell) Remote Login Protocol. Internet-Draft draft-ylonen-ssh-protocol-00. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/draft-ylonen-ssh-protocol\/00\/ Work in Progress."}],"container-title":["Proceedings of the ACM on Networking"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696406","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696406","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T01:25:42Z","timestamp":1755912342000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696406"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,25]]},"references-count":101,"journal-issue":{"issue":"CoNEXT4","published-print":{"date-parts":[[2024,12]]}},"alternative-id":["10.1145\/3696406"],"URL":"https:\/\/doi.org\/10.1145\/3696406","relation":{},"ISSN":["2834-5509"],"issn-type":[{"type":"electronic","value":"2834-5509"}],"subject":[],"published":{"date-parts":[[2024,11,25]]},"assertion":[{"value":"2024-11-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}