2.6.10 Routing Protocol Security Requirements (rpsec)

NOTE: This charter is a snapshot of the 71st IETF Meeting in Philadelphia, PA USA. It may now be out-of-date.

Last Modified: 2007-04-02

Chair(s):

Tony Tauber <ttauber@1-4-5.net>
Russ White <riw@cisco.com>

Routing Area Director(s):

Ross Callon <rcallon@juniper.net>
David Ward <dward@cisco.com>

Routing Area Advisor:

David Ward <dward@cisco.com>

Mailing Lists:

General Discussion: rpsec@ietf.org
To Subscribe: rpsec-request@ietf.org
In Body: (un)subscribe
Archive: http://www.ietf.org/mail-archive/web/rpsec/index.html

Description of Working Group:

The lack of a common set of security requirements and methods for
routing protocols has resulted in a wide variety of security
mechanisms for individual routing protocols. Ongoing work on
requirements for the next generation routing system and future work on
the actual mechanisms for it will require well documented routing
security requirements.

The products of this working group will be used by routing protocol
designers to ensure adequate coverage of security in the future,
including well known and possible threats.

The scope of work is limited to router-to-router protocols only, for
both unicast and multicast systems, and does NOT include
host-to-router protocols such as IGMP, ICMP, ARP, or ND. It is also a
non-goal at this point to produce new security mechanisms or change
the current ones in the existing routing protocols.

The RPSEC working group is charged with the following tasks:

- Document threat models for routing systems

- Document security requirements for routing systems

- Document security analysis and requirements for specific routing
    protocols (e.g., OSPF, BGP)

- Provide a common area for discussion between security and routing
    experts on the topic of securing the routing system

Possible Future Work

- Evaluate and document existing and proposed routing security
    mechanisms with respect to established RPSEC requirements

- Recommend mechanism(s)

Goals and Milestones:

Done  Submit initial I-D (or set of I-Ds) which details the threats to routing systems.
Done  Submit I-Ds documenting threats to routing systems for publication as Informational RFC.
Done  Submit initial I-D (or set of I-Ds) which outlines security requirements for routing systems.
Done  Recharter to include protocol-specific work.
Done  Submit initial I-D describing BGP Attack-Tree analysis.
Done  Submit initial I-D describing OSPF vulnerability analysis.
Done  Submit initial I-D describing BGP security requirements.
Oct 2004  Submit the I-D documenting security requirements to routing systems for publication as Informational RFC.
Oct 2004  Submit BGP Attack-Tree analysis for publication as Informational RFC.
Oct 2004  Submit OSPF vulnerability analysis for publication as Informational RFC.
Dec 2004  Submit BGP security requirements for publication as Informational RFC.
Mar 2005  Evaluate progress, recharter with new goals or shut down.

Internet-Drafts:

  • draft-ietf-rpsec-bgpsecrec-09.txt
  • draft-ietf-rpsec-bgp-session-sec-req-00.txt

Request For Comments:

RFC      Status  Title
RFC4593  I       Generic Threats to Routing Protocols

Meeting Minutes

Slides

None received.