Secure Inter-Domain Routing (sidr)

Last Modified: 2010-03-12

Additional information is available at tools.ietf.org/wg/sidr

Chair(s):

Routing Area Director(s):

Routing Area Advisor:

Technical Advisor(s):

Mailing Lists:
General Discussion: sidr@ietf.org
To Subscribe: sidr-request@ietf.org
In Body: (un)subscribe
Archive: http://www.ietf.org/mail-archive/web/sidr/index.html

Description of Working Group:

One of the areas of vulnerability for large scale Internet environments lies in the area of inter-domain routing. The basic security questions that can be posed regarding routing information are whether the originating Autonomous System is authorized to advertise an address prefix by the holder of that prefix, whether the originating AS is accurately identified by the originating Autonomous System Number in the advertisement, and the validity of both the address prefix and the Autonomous System Number. A related question concerns the level of trust that can be ascribed to attributes of a route object in terms of their authenticity, including consideration of the AS Path attribute.

The Routing Protocol Security Group (RPSEC) has been chartered to document the security requirements for routing systems, and, in particular, to produce a document on BGP security requirements.

The scope of work in the SIDR working group is to formulate an extensible architecture for an interdomain routing security framework. This framework must be capable of supporting incremental additions of functional components. The SIDR working group will develop security mechanisms which fulfill those requirements which have been agreed on by the RPSEC working group. In developing these mechanisms, the SIDR working group will take practical deployability into consideration.

The scope of work will include describing the use of certification objects for supporting the distribution of authorization and authentication information. Both hierarchic and distributed non-hierarchic trust systems are intended to be supported within this framework. The intended support of both forms of trust models is to allow for the use of this framework for routing security in diverse routing environments that have different underlying trust characteristics.

The scope of work is limited to inter-domain router-to-router protocols only, for both unicast and multicast systems.

The SIDR working group is charged with the following tasks:

- Document an extensible interdomain routing security architecture
- Document the use of certification objects within this secure routing architecture
- Document specific routing functionality modules within this architecture that are designed to address specific secure routing requirements as they are determined by the RPSEC Working Group

Goals and Milestones:

Internet-Drafts:

- A Profile for X.509 PKIX Resource Certificates (78782 bytes)
- Certificate Policy (CP) for the Resource PKI (RPKI) (70659 bytes)
- Template for an Internet Registry's Certification Practice Statement (CPS) for the Resource PKI (RPKI) (87311 bytes)
- Template for an Internet Service Provider's Certification Practice Statement (CPS) for the Resource PKI (RPKI) (88279 bytes)
- A Profile for Route Origin Authorizations (ROAs) (26486 bytes)
- A Protocol for Provisioning Resource Certificates (55776 bytes)
- Manifests for the Resource Public Key Infrastructure (59307 bytes)
- Validation of Route Origination using the Resource Certificate PKI and ROAs (19699 bytes)
- A Profile for Resource Certificate Repository Structure (28242 bytes)
- Securing RPSL Objects with RPKI Signatures (25973 bytes)
- A Profile for Trust Anchor Material for the Resource Certificate PKI (38352 bytes)
- A Profile for Algorithms and Key Sizes for use in the Resource Public Key Infrastructure (10902 bytes)
- Use Cases and interpretation of RPKI objects for issuers and relying parties (48530 bytes)
- BGP Prefix Origin Validation (21983 bytes)
- The RPKI/Router Protocol (43319 bytes)

No Request For Comments