Secure Inter-Domain Routing (sidr)

Last Modified: 2010-03-12

Additional information is available at tools.ietf.org/wg/sidr

Chair(s):

Routing Area Director(s):

Routing Area Advisor:

Technical Advisor(s):

Mailing Lists:

General Discussion: sidr@ietf.org
To Subscribe: sidr-request@ietf.org
In Body: In Body: (un)subscribe
Archive: http://www.ietf.org/mail-archive/web/sidr/index.html

Description of Working Group:

The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:

* Is an Autonomous System (AS) authorized to originate an IP prefix
* Is the AS-Path represented in the route the same as the path through
    which the NLRI traveled

The SIDR working group will take practical deployability into consideration.

Building upon the already completed and implemented framework:

* Resource Public Key Infrastructure (RPKI)
* Distribution of RPKI data to routing devices and its use in
      operational networks
* Document the use of certification objects within the secure
      routing architecture

This working group will specify security enhancements for inter-domain
routing protocols.

Goals and Milestones:

Done  Submit initial draft on inter-domain routing security within this architecture
Done  Submit initial draft on certificate objects to be used within this architecture
Done  Submit initial draft on securing origination of routing information
Jan 2010  I-D: draft-ietf-sidr-publication
Jan 2010  I-D: draft-ietf-sidr-keyroll
Jan 2010  I-D: draft-ietf-sidr-arch
Jan 2010  I-D: draft-ietf-sidr-cp
Jan 2010  I-D: draft-ietf-sidr-res-certs
Jan 2010  I-D: draft-ietf-sidr-roa-validation
Jan 2010  I-D: draft-ietf-sidr-signed-object
Jan 2010  I-D: draft-ietf-sidr-rpki-manifests
Jan 2010  I-D: draft-ietf-sidr-rpki-algs
Jan 2010  I-D: draft-ietf-sidr-rescerts-provisioning
Jan 2010  I-D: draft-ietf-sidr-ta
Mar 2010  I-D: draft-ietf-sidr-cps-irs
Mar 2010  I-D: draft-ietf-sidr-cps-isp
Nov 2010  I-D: draft-ietf-sidr-origin-ops
Nov 2010  I-D: draft-ietf-sidr-pfx-validate
Nov 2010  I-D: draft-ietf-sidr-repos-struct
Nov 2010  I-D: draft-ietf-sidr-roa-format
Nov 2010  I-D: draft-ietf-sidr-ltamgmt
Dec 2010  I-D: draft-rgaglian-sidr-algorithm-agility
Jan 2011  I-D: draft-ietf-sidr-ghostbusters
Feb 2011  I-D: draft-ietf-sidr-rpki-rtr
Mar 2011  I-D: Document the BGP protocol enhancements that meet the security requirements
Mar 2011  I-D: A requirements document that addresses these threats
Mar 2011  I-D: A document describing threats to the routing system
Mar 2011  I-D: An overview of the RPKI and BGP Protocol changes required for origin and path validation
Mar 2011  I-D: Operational deployment guidance for network operators
May 2011  I-D: draft-ietf-sidr-usecases
May 2011  Publication: draft-ietf-sidr-arch
May 2011  Publication: draft-ietf-sidr-cp
May 2011  Publication: draft-ietf-sidr-res-certs
Jun 2011  I-D: System and architecture design choices made in the protocol and RPKI
Jun 2011  Publication: draft-ietf-sidr-publication
Jun 2011  Publication: draft-ietf-sidr-repos-struct
Jun 2011  Publication: draft-ietf-sidr-roa-format
Jun 2011  Publication: draft-ietf-sidr-rpki-rtr
Jun 2011  Publication: draft-ietf-sidr-roa-validation
Jun 2011  Publication: draft-ietf-sidr-signed-object
Jun 2011  Publication: draft-ietf-sidr-rpki-manifests
Jul 2011  Publication: draft-ietf-sidr-origin-ops
Jul 2011  Publication: draft-ietf-sidr-rpki-algs
Jul 2011  Publication: draft-ietf-sidr-rescerts-provisioning
Aug 2011  Publication: draft-ietf-sidr-ta
Oct 2011  Publication: draft-rgaglian-sidr-algorithm-agility
Oct 2011  Publication: draft-ietf-sidr-ghostbusters
Nov 2011  Publication: draft-ietf-sidr-ltamgmt
Dec 2011  Publication: System and architecture design choices made in the protocol and RPKI
Dec 2011  Publication: draft-ietf-sidr-usecases
Dec 2011  Publication: draft-ietf-sidr-keyroll
Jan 2012  Publication: An overview of the RPKI and BGP Protocol changes required for origin and path validation
Jan 2012  Publication: Document the BGP protocol enhancements that meet the security requirements
Jan 2012  Publication: draft-ietf-sidr-pfx-validate
Mar 2012  Publication: draft-ietf-sidr-cps-irs
Mar 2012  Publication: draft-ietf-sidr-cps-isp
Jun 2012  Publication: A document describing threats to the routing system
Jun 2012  Publication: A requirements document that addresses these threats
Jul 2012  Publication: Operational deployment guidance for network operators

Internet-Drafts:

A Profile for X.509 PKIX Resource Certificates (70117 bytes)
Certificate Policy (CP) for the Resource PKI (RPKI (81091 bytes)
A Profile for Route Origin Authorizations (ROAs) (16595 bytes)
An Infrastructure to Support Secure Internet Routing (64912 bytes)
A Protocol for Provisioning Resource Certificates (64002 bytes)
Manifests for the Resource Public Key Infrastructure (43103 bytes)
Validation of Route Origination using the Resource Certificate PKI and ROAs (20797 bytes)
A Profile for Resource Certificate Repository Structure (35606 bytes)
Resource Certificate PKI (RPKI) Trust Anchor Locator (15811 bytes)
The Profile for Algorithms and Key Sizes for use in the Resource Public Key Infrastructure (11739 bytes)
Use Cases and interpretation of RPKI objects for issuers and relying parties (49413 bytes)
BGP Prefix Origin Validation (21230 bytes)
The RPKI/Router Protocol (48549 bytes)
Signed Object Template for the Resource Public Key Infrastructure (26191 bytes)
CA Key Rollover in the RPKI (23791 bytes)
Local Trust Anchor Management for the Resource Public Key Infrastructure (70630 bytes)
RPKI-Based Origin Validation Operation (16993 bytes)
The RPKI Ghostbusters Record (12770 bytes)
RPKI Objects issued by IANA (28188 bytes)
Algorithm Agility Procedure for RPKI. (36423 bytes)

No Request For Comments