Secure Inter-Domain Routing (sidr) ---------------------------------- Charter Last Modified: 2011-12-09 Current Status: Active Working Group Chair(s): Sandra Murphy Chris Morrow Routing Area Director(s): Stewart Bryant Adrian Farrel Routing Area Advisor: Stewart Bryant Technical Advisor(s): Steven Bellovin Mailing Lists: General Discussion:sidr@ietf.org To Subscribe: sidr-request@ietf.org In Body: In Body: (un)subscribe Archive: http://www.ietf.org/mail-archive/web/sidr/index.html Description of Working Group: The purpose of the SIDR working group is to reduce vulnerabilities in the inter-domain routing system. The two vulnerabilities that will be addressed are: * Is an Autonomous System (AS) authorized to originate an IP prefix * Is the AS-Path represented in the route the same as the path through which the NLRI traveled The SIDR working group will take practical deployability into consideration. Building upon the already completed and implemented framework: * Resource Public Key Infrastructure (RPKI) * Distribution of RPKI data to routing devices and its use in operational networks * Document the use of certification objects within the secure routing architecture This working group will specify security enhancements for inter-domain routing protocols. Goals and Milestones: Done Submit initial draft on inter-domain routing security within this architecture Done Submit initial draft on certificate objects to be used within this architecture Done Submit initial draft on securing origination of routing information Jan 2010 I-D: draft-ietf-sidr-publication Jan 2010 I-D: draft-ietf-sidr-keyroll Jan 2010 I-D: draft-ietf-sidr-arch Jan 2010 I-D: draft-ietf-sidr-cp Jan 2010 I-D: draft-ietf-sidr-res-certs Jan 2010 I-D: draft-ietf-sidr-roa-validation Jan 2010 I-D: draft-ietf-sidr-signed-object Jan 2010 I-D: draft-ietf-sidr-rpki-manifests Jan 2010 I-D: draft-ietf-sidr-rpki-algs Jan 2010 I-D: draft-ietf-sidr-rescerts-provisioning Jan 2010 I-D: draft-ietf-sidr-ta Mar 2010 I-D: draft-ietf-sidr-cps-irs Mar 2010 I-D: draft-ietf-sidr-cps-isp Nov 2010 I-D: draft-ietf-sidr-origin-ops Nov 2010 I-D: draft-ietf-sidr-pfx-validate Nov 2010 I-D: draft-ietf-sidr-repos-struct Nov 2010 I-D: draft-ietf-sidr-roa-format Nov 2010 I-D: draft-ietf-sidr-ltamgmt Dec 2010 I-D: draft-rgaglian-sidr-algorithm-agility Jan 2011 I-D: draft-ietf-sidr-ghostbusters Feb 2011 I-D: draft-ietf-sidr-rpki-rtr Mar 2011 I-D: Document the BGP protocol enhancements that meet the security requirements Mar 2011 I-D: A requirements document that addresses these threats Mar 2011 I-D: A document describing threats to the routing system Mar 2011 I-D: An overview of the RPKI and BGP Protocol changes required for origin and path validation Mar 2011 I-D: Operational deployment guidance for network operators May 2011 I-D: draft-ietf-sidr-usecases May 2011 Publication: draft-ietf-sidr-arch May 2011 Publication: draft-ietf-sidr-cp May 2011 Publication: draft-ietf-sidr-res-certs Jun 2011 I-D: System and architecture design choices made in the protocol and RPKI Jun 2011 Publication: draft-ietf-sidr-publication Jun 2011 Publication: draft-ietf-sidr-repos-struct Jun 2011 Publication: draft-ietf-sidr-roa-format Jun 2011 Publication: draft-ietf-sidr-rpki-rtr Jun 2011 Publication: draft-ietf-sidr-roa-validation Jun 2011 Publication: draft-ietf-sidr-signed-object Jun 2011 Publication: draft-ietf-sidr-rpki-manifests Jul 2011 Publication: draft-ietf-sidr-origin-ops Jul 2011 Publication: draft-ietf-sidr-rpki-algs Jul 2011 Publication: draft-ietf-sidr-rescerts-provisioning Aug 2011 Publication: draft-ietf-sidr-ta Oct 2011 Publication: draft-rgaglian-sidr-algorithm-agility Oct 2011 Publication: draft-ietf-sidr-ghostbusters Nov 2011 Publication: draft-ietf-sidr-ltamgmt Dec 2011 Publication: System and architecture design choices made in the protocol and RPKI Dec 2011 Publication: draft-ietf-sidr-usecases Dec 2011 Publication: draft-ietf-sidr-keyroll Jan 2012 Publication: An overview of the RPKI and BGP Protocol changes required for origin and path validation Jan 2012 Publication: Document the BGP protocol enhancements that meet the security requirements Jan 2012 Publication: draft-ietf-sidr-pfx-validate Mar 2012 Publication: draft-ietf-sidr-cps-irs Mar 2012 Publication: draft-ietf-sidr-cps-isp Jun 2012 Publication: A document describing threats to the routing system Jun 2012 Publication: A requirements document that addresses these threats Jul 2012 Publication: Operational deployment guidance for network operators Internet-Drafts: Posted Revised I-D Title ------ ------- -------------------------------------------- Jun 2010 Jan 2012 Use Cases and Interpretation of RPKI Objects for Issuers and Relying Parties Aug 2010 Oct 2011 BGP Prefix Origin Validation Aug 2010 Feb 2012 The RPKI/Router Protocol Nov 2010 Dec 2011 Local Trust Anchor Management for the Resource Public Key Infrastructure Jan 2011 Nov 2011 RPKI-Based Origin Validation Operation Feb 2011 Jan 2012 Algorithm Agility Procedure for RPKI. Jun 2011 Oct 2011 BGPSEC Protocol Specification Jun 2011 Oct 2011 An Overview of BGPSEC Jun 2011 Feb 2012 Threat Model for BGP Path Security Jun 2011 Oct 2011 BGPsec Operational Considerations Jun 2011 Oct 2011 Security Requirements for BGP Path Validation Oct 2011 Dec 2011 A Profile for BGPSEC Router Certificates, Certificate Revocation Lists, and Certification Requests Oct 2011 Dec 2011 BGP Algorithms, Key Formats, & Signature Formats Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC6490 PS Feb 2012 Resource Public Key Infrastructure (RPKI) Trust Anchor Locator RFC6481 PS Feb 2012 A Profile for Resource Certificate Repository Structure RFC6482 PS Feb 2012 A Profile for Route Origin Authorizations (ROAs) RFC6483 I Feb 2012 Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs) RFC6485 PS Feb 2012 The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI) RFC6486 PS Feb 2012 Manifests for the Resource Public Key Infrastructure (RPKI) RFC6488 PS Feb 2012 Signed Object Template for the Resource Public Key Infrastructure (RPKI) RFC6489BCP Feb 2012 Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI) RFC6491 PS Feb 2012 Resource Public Key Infrastructure (RPKI) Objects Issued by IANA RFC6492 PS Feb 2012 A Protocol for Provisioning Resource Certificates RFC6493 PS Feb 2012 The Resource Public Key Infrastructure (RPKI) Ghostbusters Record RFC6487 PS Feb 2012 A Profile for X.509 PKIX Resource Certificates RFC6484BCP Feb 2012 Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI) RFC6480 I Feb 2012 An Infrastructure to Support Secure Internet Routing