Secure Inter-Domain Routing (sidr)
----------------------------------

Charter
Last Modified: 2010-03-12

Current Status: Active Working Group

Chair(s):
    Sandra Murphy  <[email protected]>
    Chris Morrow  <[email protected]>

Routing Area Director(s):
    Ross Callon  <[email protected]>
    Adrian Farrel  <[email protected]>

Routing Area Advisor:
    Ross Callon  <[email protected]>

Technical Advisor(s):
    Steven Bellovin  <[email protected]>

Mailing Lists:
    General Discussion:[email protected]
    To Subscribe:      [email protected]
        In Body:       In Body: (un)subscribe
    Archive:           http://www.ietf.org/mail-archive/web/sidr/index.html

Description of Working Group:

One of the areas of vulnerability for large scale Internet
environments lies in the area of inter-domain routing. The basic
security questions that can be posed regarding routing information
are whether the originating Autonomous System is authorized to
advertise an address prefix by the holder of that prefix, whether
the originating AS is accurately identified by the originating
Autonomous System Number in the advertisement, and the validity of
both the address prefix and the Autonomous System Number. A related
question concerns the level of trust than can be ascribed to
attributes of a route object in terms of their authenticity,
including consideration of the AS Path attribute.

The Routing Protocol Security Group (RPSEC) has been chartered to
document the security requirements for routing systems, and, in
particular, to produce a document on BGP security requirements.

The scope of work in the SIDR working group is to formulate an
extensible architecture for an interdomain routing security
framework. This framework must be capable of supporting incremental
additions of functional components. The SIDR working group will
develop security mechanisms which fulfill those requirements which
have been agreed on by the RPSEC working group. In developing these
mechanisms, the SIDR working group will take practical deployability
into consideration.

The scope of work will include describing the use of certification
objects for supporting the distribution of authorization and
authentication information. Both hierarchic and distributed non-
hierarchic trust systems are intended to be supported within this
framework. The intended support of both forms of trust models is to
allow for the use of this framework for routing security in diverse
routing environments that have different underlying trust
characteristics.

The scope of work is limited to inter-domain router-to-router
protocols only, for both unicast and multicast systems.

The SIDR working group is charged with the following tasks:

- Document an extensible interdomain routing security architecture

- Document the use of certification objects within this secure
routing architecture

- Document specific routing functionality modules within this
architecture that are designed to address specific secure routing
requirements as they are determined by the RPSEC Working Group

Goals and Milestones:

  Done         Submit initial draft on inter-domain routing security within
               this architecture

  Done         Submit initial draft on certificate objects to be used within
               this architecture

  Done         Submit initial draft on securing origination of routing
               information

  Mar 2007       Submit routing security architecture for publication as an
               Informational RFC

  May 2007       Submit description of use certificate objects by this
               architecture as an Informational RFC

  Jun 2007       Submit secure origination mechanism as a Proposed Standard

  Aug 2007       Evaluate progress, recharter with new goals or shutdown


Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jun 2006 Sep 2009   <draft-ietf-sidr-res-certs-17.txt>
               A Profile for X.509 PKIX Resource Certificates

Oct 2006 Jan 2010   <draft-ietf-sidr-cp-08.txt>
               Certificate Policy (CP) for the Resource PKI (RPKI)

Oct 2006 Mar 2010   <draft-ietf-sidr-cps-irs-05.txt>
               Template for an Internet Registry's Certification Practice
               Statement (CPS) for the Resource PKI (RPKI)

Feb 2007 Mar 2010   <draft-ietf-sidr-cps-isp-04.txt>
               Template for an Internet Service Provider's Certification
               Practice Statement (CPS) for the Resource PKI (RPKI)

Feb 2007 Oct 2009   <draft-ietf-sidr-arch-09.txt>
               An Infrastructure to Support Secure Internet Routing

Feb 2007 Oct 2009   <draft-ietf-sidr-roa-format-06.txt>
               A Profile for Route Origin Authorizations (ROAs)

Jan 2008 Dec 2009   <draft-ietf-sidr-rpki-manifests-06.txt>
               Manifests for the Resource Public Key Infrastructure

Aug 2008 Mar 2010   <draft-ietf-sidr-roa-validation-05.txt>
               Validation of Route Origination using the Resource Certificate
               PKI and ROAs

Dec 2008 Mar 2010   <draft-ietf-sidr-rpsl-sig-02.txt>
               Securing RPSL Objects with RPKI Signatures

Feb 2009 Sep 2009   <draft-ietf-sidr-ta-02.txt>
               A Profile for Trust Anchor Material for the Resource
               Certificate PKI

Request For Comments:

 None to date.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.