Secure Inter-Domain Routing (sidr)
----------------------------------

Charter
Last Modified: 2011-12-09

Current Status: Active Working Group

Chair(s):
    Sandra Murphy  <[email protected]>
    Chris Morrow  <[email protected]>

Routing Area Director(s):
    Stewart Bryant  <[email protected]>
    Adrian Farrel  <[email protected]>

Routing Area Advisor:
    Stewart Bryant  <[email protected]>

Technical Advisor(s):
    Steven Bellovin  <[email protected]>

Mailing Lists:
    General Discussion: [email protected]
    To Subscribe:       [email protected]
        In Body:        (un)subscribe
    Archive:           http://www.ietf.org/mail-archive/web/sidr/index.html

Description of Working Group:

The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:

* Is an Autonomous System (AS) authorized to originate an IP prefix?
* Is the AS-Path represented in the route the same as the path through
   which the NLRI traveled?

The SIDR working group will take practical deployability into consideration.

Building upon the already completed and implemented framework:

* Resource Public Key Infrastructure (RPKI)
* Distribution of RPKI data to routing devices and its use in
     operational networks
* Document the use of certification objects within the secure
     routing architecture

This working group will specify security enhancements for inter-domain
routing protocols.

Goals and Milestones:

  Done         Submit initial draft on inter-domain routing security within
               this architecture

  Done         Submit initial draft on certificate objects to be used within
               this architecture

  Done         Submit initial draft on securing origination of routing
               information

  Jan 2010       I-D: draft-ietf-sidr-publication

  Jan 2010       I-D: draft-ietf-sidr-keyroll

  Jan 2010       I-D: draft-ietf-sidr-arch

  Jan 2010       I-D: draft-ietf-sidr-cp

  Jan 2010       I-D: draft-ietf-sidr-res-certs

  Jan 2010       I-D: draft-ietf-sidr-roa-validation

  Jan 2010       I-D: draft-ietf-sidr-signed-object

  Jan 2010       I-D: draft-ietf-sidr-rpki-manifests

  Jan 2010       I-D: draft-ietf-sidr-rpki-algs

  Jan 2010       I-D: draft-ietf-sidr-rescerts-provisioning

  Jan 2010       I-D: draft-ietf-sidr-ta

  Mar 2010       I-D: draft-ietf-sidr-cps-irs

  Mar 2010       I-D: draft-ietf-sidr-cps-isp

  Nov 2010       I-D: draft-ietf-sidr-origin-ops

  Nov 2010       I-D: draft-ietf-sidr-pfx-validate

  Nov 2010       I-D: draft-ietf-sidr-repos-struct

  Nov 2010       I-D: draft-ietf-sidr-roa-format

  Nov 2010       I-D: draft-ietf-sidr-ltamgmt

  Dec 2010       I-D: draft-rgaglian-sidr-algorithm-agility

  Jan 2011       I-D: draft-ietf-sidr-ghostbusters

  Feb 2011       I-D: draft-ietf-sidr-rpki-rtr

  Mar 2011       I-D: Document the BGP protocol enhancements that meet the
               security requirements

  Mar 2011       I-D: A requirements document that addresses these threats

  Mar 2011       I-D: A document describing threats to the routing system

  Mar 2011       I-D: An overview of the RPKI and BGP Protocol changes required
               for origin and path validation

  Mar 2011       I-D: Operational deployment guidance for network operators

  May 2011       I-D: draft-ietf-sidr-usecases

  May 2011       Publication: draft-ietf-sidr-arch

  May 2011       Publication: draft-ietf-sidr-cp

  May 2011       Publication: draft-ietf-sidr-res-certs

  Jun 2011       I-D: System and architecture design choices made in the
               protocol and RPKI

  Jun 2011       Publication: draft-ietf-sidr-publication

  Jun 2011       Publication: draft-ietf-sidr-repos-struct

  Jun 2011       Publication: draft-ietf-sidr-roa-format

  Jun 2011       Publication: draft-ietf-sidr-rpki-rtr

  Jun 2011       Publication: draft-ietf-sidr-roa-validation

  Jun 2011       Publication: draft-ietf-sidr-signed-object

  Jun 2011       Publication: draft-ietf-sidr-rpki-manifests

  Jul 2011       Publication: draft-ietf-sidr-origin-ops

  Jul 2011       Publication: draft-ietf-sidr-rpki-algs

  Jul 2011       Publication: draft-ietf-sidr-rescerts-provisioning

  Aug 2011       Publication: draft-ietf-sidr-ta

  Oct 2011       Publication: draft-rgaglian-sidr-algorithm-agility

  Oct 2011       Publication: draft-ietf-sidr-ghostbusters

  Nov 2011       Publication: draft-ietf-sidr-ltamgmt

  Dec 2011       Publication: System and architecture design choices made in the
               protocol and RPKI

  Dec 2011       Publication: draft-ietf-sidr-usecases

  Dec 2011       Publication: draft-ietf-sidr-keyroll

  Jan 2012       Publication: An overview of the RPKI and BGP Protocol changes
               required for origin and path validation

  Jan 2012       Publication: Document the BGP protocol enhancements that meet
               the security requirements

  Jan 2012       Publication: draft-ietf-sidr-pfx-validate

  Mar 2012       Publication: draft-ietf-sidr-cps-irs

  Mar 2012       Publication: draft-ietf-sidr-cps-isp

  Jun 2012       Publication: A document describing threats to the routing
               system

  Jun 2012       Publication: A requirements document that addresses these
               threats

  Jul 2012       Publication: Operational deployment guidance for network
               operators


Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jun 2006 May 2011   <draft-ietf-sidr-res-certs-22.txt>
               A Profile for X.509 PKIX Resource Certificates

Oct 2006 Apr 2011   <draft-ietf-sidr-cp-17.txt>
               Certificate Policy (CP) for the Resource PKI (RPKI)

Feb 2007 May 2011   <draft-ietf-sidr-roa-format-12.txt>
               A Profile for Route Origin Authorizations (ROAs)

Feb 2007 May 2011   <draft-ietf-sidr-arch-13.txt>
               An Infrastructure to Support Secure Internet Routing

Jan 2008 Aug 2011   <draft-ietf-sidr-rescerts-provisioning-11.txt>
               A Protocol for Provisioning Resource Certificates

Jan 2008 Jul 2011   <draft-ietf-sidr-rpki-manifests-16.txt>
               Manifests for the Resource Public Key Infrastructure

Aug 2008 Nov 2010   <draft-ietf-sidr-roa-validation-10.txt>
               Validation of Route Origination using the Resource Certificate
               PKI and ROAs

Aug 2008 Jul 2011   <draft-ietf-sidr-repos-struct-09.txt>
               A Profile for Resource Certificate Repository Structure

Feb 2009 Apr 2011   <draft-ietf-sidr-ta-07.txt>
               Resource Certificate PKI (RPKI) Trust Anchor Locator

Aug 2009 Apr 2011   <draft-ietf-sidr-rpki-algs-05.txt>
               The Profile for Algorithms and Key Sizes for use in the
               Resource Public Key Infrastructure

Jun 2010 Oct 2011   <draft-ietf-sidr-usecases-03.txt>
               Use Cases and Interpretation of RPKI Objects for Issuers and
               Relying Parties

Aug 2010 Oct 2011   <draft-ietf-sidr-pfx-validate-03.txt>
               BGP Prefix Origin Validation

Aug 2010 Dec 2011   <draft-ietf-sidr-rpki-rtr-22.txt>
               The RPKI/Router Protocol

Sep 2010 May 2011   <draft-ietf-sidr-signed-object-04.txt>
               Signed Object Template for the Resource Public Key
               Infrastructure

Sep 2010 Jul 2011   <draft-ietf-sidr-keyroll-08.txt>
               CA Key Rollover in the RPKI

Oct 2010 Jul 2011   <draft-ietf-sidr-publication-01.txt>
               A Publication Protocol for the Resource Public Key
               Infrastructure (RPKI)

Nov 2010 Dec 2011   <draft-ietf-sidr-ltamgmt-04.txt>
               Local Trust Anchor Management for the Resource Public Key
               Infrastructure

Nov 2010 Aug 2011   <draft-ietf-sidr-origin-validation-signaling-01.txt>
               BGP Prefix Origin Validation State Extended Community

Jan 2011 Nov 2011   <draft-ietf-sidr-origin-ops-13.txt>
               RPKI-Based Origin Validation Operation

Jan 2011 Oct 2011   <draft-ietf-sidr-ghostbusters-15.txt>
               The RPKI Ghostbusters Record

Feb 2011 May 2011   <draft-ietf-sidr-iana-objects-03.txt>
               RPKI Objects issued by IANA

Feb 2011 Nov 2011   <draft-ietf-sidr-algorithm-agility-04.txt>
               Algorithm Agility Procedure for RPKI.

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-protocol-01.txt>
               BGPSEC Protocol Specification

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-overview-01.txt>
               An Overview of BGPSEC

Jun 2011 Jun 2011   <draft-ietf-sidr-bgpsec-threats-00.txt>
               Threat Model for BGP Path Security

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-ops-01.txt>
               BGPsec Operational Considerations

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-reqs-01.txt>
               Security Requirements for BGP Path Validation

Oct 2011 Dec 2011   <draft-ietf-sidr-bgpsec-pki-profiles-01.txt>
               A Profile for BGPSEC Router Certificates, Certificate
               Revocation Lists, and Certification Requests

Oct 2011 Dec 2011   <draft-ietf-sidr-bgpsec-algs-01.txt>
               BGP Algorithms, Key Formats, & Signature Formats

Request For Comments:

 None to date.