Routing Protocol Security Requirements (rpsec) ---------------------------------------------- Charter Last Modified: 2006-03-24 Current Status: Active Working Group Chair(s): Tony Tauber Russ White Routing Area Director(s): Ross Callon Bill Fenner Routing Area Advisor: Ross Callon Mailing Lists: General Discussion:rpsec@ietf.org To Subscribe: rpsec-request@ietf.org In Body: (un)subscribe Archive: http://www.ietf.org/mail-archive/web/rpsec/index.html Description of Working Group: The lack of a common set of security requirements and methods for routing protocols has resulted in a wide variety of security mechanisms for individual routing protocols. Ongoing work on requirements for the next generation routing system and future work on the actual mechanisms for it will require well documented routing security requirements. The products of this working group will be used by routing protocol designers to ensure adequate coverage of security in the future, including well known and possible threats. The scope of work is limited to router-to-router protocols only for both unicast and multicast systems, and does NOT include host-to-router protocol such as IGMP, ICMP, ARP, or ND. It is also a non-goal at this point to produce new or change the current security mechanisms in the existing routing protocols. The RPSEC working group is charged with the following tasks: - Document threat models for routing systems - Document security requirements for routing systems - Document security analysis and requirements for specific routing protocols (e.g., OSPF, BGP) - Provide a common area for discussion between security and routing experts on the topic of securing the routing system Possible Future Work - Evaluate and document existing and proposed routing security mechanisms with respect to established RPSEC requirements - Recommend mechanism(s) Goals and Milestones: Done Submit initial I-D (or set of I-Ds) which details the threats to routing systems. Done Submit I-Ds documenting threats to routing systems for publication as Informational RFC. Done Submit initial I-D (or set of I-Ds) which outlines security requirements for routing systems. Done Recharter to include protocol-specific work. Done Submit initial I-D describing BGP Attack-Tree analysis. Done Submit initial I-D describing OSPF vulnerability analysis. Done Submit initial I-D describing BGP security requirements. Oct 2004 Submit the I-D documenting security requirements to routing systems for publication as Informational RFC. Oct 2004 Submit BGP Attack-Tree analysis for publication as Informational RFC. Oct 2004 Submit OSPF vulnerability analysis for publication as Informational RFC. Dec 2004 Submit BGP security requirements for publication as Informational RFC. Mar 2005 Evaluate progress, recharter with new goals or shutdown. Internet-Drafts: Posted Revised I-D Title ------ ------- -------------------------------------------- May 2004 Jun 2006 OSPF Security Vulnerabilities Analysis Dec 2004 Jun 2006 BGP Security Requirements Request For Comments: RFC Stat Published Title ------- -- ----------- ------------------------------------ RFC4593 I Oct 2006 Generic Threats to Routing Protocols