IETF Proceedings

Secure Inter-Domain Routing (sidr)

Interim Meeting of

Note: This is a snapshot as of 2012-02-25. It may now be out of date.

Minutes | Agenda | Jabber Logs | Mailing List Archives

Additional information is available at tools.ietf.org/wg/sidr

Chair(s):

Routing Area Area Director(s):

Routing Area Advisor(s)

Steven Bellovin

Meeting Slides:

Internet-Drafts:

Request for Comments:

RFC	Status	Title
RFC6480	I	An Infrastructure to Support Secure Internet Routing
RFC6481	PS	A Profile for Resource Certificate Repository Structure
RFC6482	PS	A Profile for Route Origin Authorizations (ROAs)
RFC6483	I	Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs)
RFC6484	BCP	Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)
RFC6485	PS	The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)
RFC6486	PS	Manifests for the Resource Public Key Infrastructure (RPKI)
RFC6487	PS	A Profile for X.509 PKIX Resource Certificates
RFC6488	PS	Signed Object Template for the Resource Public Key Infrastructure (RPKI)
RFC6489	BCP	Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)
RFC6490	PS	Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
RFC6491	PS	Resource Public Key Infrastructure (RPKI) Objects Issued by IANA
RFC6492	PS	A Protocol for Provisioning Resource Certificates
RFC6493	PS	The Resource Public Key Infrastructure (RPKI) Ghostbusters Record

Charter:

The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:

* Is an Autonomous System (AS) authorized to originate an IP prefix
* Is the AS-Path represented in the route the same as the path through
which the NLRI traveled

The SIDR working group will take practical deployability into consideration.

Building upon the already completed and implemented framework:

* Resource Public Key Infrastructure (RPKI)
* Distribution of RPKI data to routing devices and its use in
operational networks
* Document the use of certification objects within the secure
routing architecture

This working group will specify security enhancements for inter-domain
routing protocols.

Goals and Milestones:

Done		Submit initial draft on inter-domain routing security within this architecture
Done		Submit initial draft on certificate objects to be used within this architecture
Done		Submit initial draft on securing origination of routing information
01-2010		I-D: draft-ietf-sidr-publication
01-2010		I-D: draft-ietf-sidr-keyroll
01-2010		I-D: draft-ietf-sidr-arch
01-2010		I-D: draft-ietf-sidr-cp
01-2010		I-D: draft-ietf-sidr-res-certs
01-2010		I-D: draft-ietf-sidr-roa-validation
01-2010		I-D: draft-ietf-sidr-signed-object
01-2010		I-D: draft-ietf-sidr-rpki-manifests
01-2010		I-D: draft-ietf-sidr-rpki-algs
01-2010		I-D: draft-ietf-sidr-rescerts-provisioning
01-2010		I-D: draft-ietf-sidr-ta
03-2010		I-D: draft-ietf-sidr-cps-irs
03-2010		I-D: draft-ietf-sidr-cps-isp
11-2010		I-D: draft-ietf-sidr-origin-ops
11-2010		I-D: draft-ietf-sidr-pfx-validate
11-2010		I-D: draft-ietf-sidr-repos-struct
11-2010		I-D: draft-ietf-sidr-roa-format
11-2010		I-D: draft-ietf-sidr-ltamgmt
12-2010		I-D: draft-rgaglian-sidr-algorithm-agility
01-2011		I-D: draft-ietf-sidr-ghostbusters
02-2011		I-D: draft-ietf-sidr-rpki-rtr
03-2011		I-D: Document the BGP protocol enhancements that meet the security requirements
03-2011		I-D: A requirements document that addresses these threats
03-2011		I-D: A document describing threats to the routing system
03-2011		I-D: An overview of the RPKI and BGP Protocol changes required for origin and path validation
03-2011		I-D: Operational deployment guidance for network operators
05-2011		I-D: draft-ietf-sidr-usecases
05-2011		Publication: draft-ietf-sidr-arch
05-2011		Publication: draft-ietf-sidr-cp
05-2011		Publication: draft-ietf-sidr-res-certs
06-2011		I-D: System and architecture design choices made in the protocol and RPKI
06-2011		Publication: draft-ietf-sidr-publication
06-2011		Publication: draft-ietf-sidr-repos-struct
06-2011		Publication: draft-ietf-sidr-roa-format
06-2011		Publication: draft-ietf-sidr-rpki-rtr
06-2011		Publication: draft-ietf-sidr-roa-validation
06-2011		Publication: draft-ietf-sidr-signed-object
06-2011		Publication: draft-ietf-sidr-rpki-manifests
07-2011		Publication: draft-ietf-sidr-origin-ops
07-2011		Publication: draft-ietf-sidr-rpki-algs
07-2011		Publication: draft-ietf-sidr-rescerts-provisioning
08-2011		Publication: draft-ietf-sidr-ta
10-2011		Publication: draft-rgaglian-sidr-algorithm-agility
10-2011		Publication: draft-ietf-sidr-ghostbusters
11-2011		Publication: draft-ietf-sidr-ltamgmt
12-2011		Publication: System and architecture design choices made in the protocol and RPKI
12-2011		Publication: draft-ietf-sidr-usecases
12-2011		Publication: draft-ietf-sidr-keyroll
01-2012		Publication: An overview of the RPKI and BGP Protocol changes required for origin and path validation
01-2012		Publication: Document the BGP protocol enhancements that meet the security requirements
01-2012		Publication: draft-ietf-sidr-pfx-validate
03-2012		Publication: draft-ietf-sidr-cps-irs
03-2012		Publication: draft-ietf-sidr-cps-isp
06-2012		Publication: A document describing threats to the routing system
06-2012		Publication: A requirements document that addresses these threats
07-2012		Publication: Operational deployment guidance for network operators