Secure Inter-Domain Routing (sidr) ---------------------------------- Charter Last Modified: 2011-12-09 Current Status: Active Working Group Chair(s): Sandra Murphy Chris Morrow Routing Area Director(s): Stewart Bryant Adrian Farrel Routing Area Advisor: Stewart Bryant Technical Advisor(s): Steven Bellovin Mailing Lists: General Discussion:sidr@ietf.org To Subscribe: sidr-request@ietf.org In Body: In Body: (un)subscribe Archive: http://www.ietf.org/mail-archive/web/sidr/index.html Description of Working Group: The purpose of the SIDR working group is to reduce vulnerabilities in the inter-domain routing system. The two vulnerabilities that will be addressed are: * Is an Autonomous System (AS) authorized to originate an IP prefix * Is the AS-Path represented in the route the same as the path through which the NLRI traveled The SIDR working group will take practical deployability into consideration. Building upon the already completed and implemented framework: * Resource Public Key Infrastructure (RPKI) * Distribution of RPKI data to routing devices and its use in operational networks * Document the use of certification objects within the secure routing architecture This working group will specify security enhancements for inter-domain routing protocols. Goals and Milestones: Done Submit initial draft on inter-domain routing security within this architecture Done Submit initial draft on certificate objects to be used within this architecture Done Submit initial draft on securing origination of routing information Jan 2010 I-D: draft-ietf-sidr-publication Jan 2010 I-D: draft-ietf-sidr-keyroll Jan 2010 I-D: draft-ietf-sidr-arch Jan 2010 I-D: draft-ietf-sidr-cp Jan 2010 I-D: draft-ietf-sidr-res-certs Jan 2010 I-D: draft-ietf-sidr-roa-validation Jan 2010 I-D: draft-ietf-sidr-signed-object Jan 2010 I-D: draft-ietf-sidr-rpki-manifests Jan 2010 I-D: draft-ietf-sidr-rpki-algs Jan 2010 I-D: draft-ietf-sidr-rescerts-provisioning Jan 2010 I-D: draft-ietf-sidr-ta Mar 2010 I-D: draft-ietf-sidr-cps-irs Mar 2010 I-D: draft-ietf-sidr-cps-isp Nov 2010 I-D: draft-ietf-sidr-origin-ops Nov 2010 I-D: draft-ietf-sidr-pfx-validate Nov 2010 I-D: draft-ietf-sidr-repos-struct Nov 2010 I-D: draft-ietf-sidr-roa-format Nov 2010 I-D: draft-ietf-sidr-ltamgmt Dec 2010 I-D: draft-rgaglian-sidr-algorithm-agility Jan 2011 I-D: draft-ietf-sidr-ghostbusters Feb 2011 I-D: draft-ietf-sidr-rpki-rtr Mar 2011 I-D: Document the BGP protocol enhancements that meet the security requirements Mar 2011 I-D: A requirements document that addresses these threats Mar 2011 I-D: A document describing threats to the routing system Mar 2011 I-D: An overview of the RPKI and BGP Protocol changes required for origin and path validation Mar 2011 I-D: Operational deployment guidance for network operators May 2011 I-D: draft-ietf-sidr-usecases May 2011 Publication: draft-ietf-sidr-arch May 2011 Publication: draft-ietf-sidr-cp May 2011 Publication: draft-ietf-sidr-res-certs Jun 2011 I-D: System and architecture design choices made in the protocol and RPKI Jun 2011 Publication: draft-ietf-sidr-publication Jun 2011 Publication: draft-ietf-sidr-repos-struct Jun 2011 Publication: draft-ietf-sidr-roa-format Jun 2011 Publication: draft-ietf-sidr-rpki-rtr Jun 2011 Publication: draft-ietf-sidr-roa-validation Jun 2011 Publication: draft-ietf-sidr-signed-object Jun 2011 Publication: draft-ietf-sidr-rpki-manifests Jul 2011 Publication: draft-ietf-sidr-origin-ops Jul 2011 Publication: draft-ietf-sidr-rpki-algs Jul 2011 Publication: draft-ietf-sidr-rescerts-provisioning Aug 2011 Publication: draft-ietf-sidr-ta Oct 2011 Publication: draft-rgaglian-sidr-algorithm-agility Oct 2011 Publication: draft-ietf-sidr-ghostbusters Nov 2011 Publication: draft-ietf-sidr-ltamgmt Dec 2011 Publication: System and architecture design choices made in the protocol and RPKI Dec 2011 Publication: draft-ietf-sidr-usecases Dec 2011 Publication: draft-ietf-sidr-keyroll Jan 2012 Publication: An overview of the RPKI and BGP Protocol changes required for origin and path validation Jan 2012 Publication: Document the BGP protocol enhancements that meet the security requirements Jan 2012 Publication: draft-ietf-sidr-pfx-validate Mar 2012 Publication: draft-ietf-sidr-cps-irs Mar 2012 Publication: draft-ietf-sidr-cps-isp Jun 2012 Publication: A document describing threats to the routing system Jun 2012 Publication: A requirements document that addresses these threats Jul 2012 Publication: Operational deployment guidance for network operators Internet-Drafts: Posted Revised I-D Title ------ ------- -------------------------------------------- Jun 2006 May 2011 A Profile for X.509 PKIX Resource Certificates Oct 2006 Apr 2011 Certificate Policy (CP) for the Resource PKI (RPKI Feb 2007 May 2011 A Profile for Route Origin Authorizations (ROAs) Feb 2007 May 2011 An Infrastructure to Support Secure Internet Routing Jan 2008 Aug 2011 A Protocol for Provisioning Resource Certificates Jan 2008 Jul 2011 Manifests for the Resource Public Key Infrastructure Aug 2008 Nov 2010 Validation of Route Origination using the Resource Certificate PKI and ROAs Aug 2008 Jul 2011 A Profile for Resource Certificate Repository Structure Feb 2009 Apr 2011 Resource Certificate PKI (RPKI) Trust Anchor Locator Aug 2009 Apr 2011 The Profile for Algorithms and Key Sizes for use in the Resource Public Key Infrastructure Jun 2010 Jan 2012 Use Cases and Interpretation of RPKI Objects for Issuers and Relying Parties Aug 2010 Oct 2011 BGP Prefix Origin Validation Aug 2010 Feb 2012 The RPKI/Router Protocol Sep 2010 May 2011 Signed Object Template for the Resource Public Key Infrastructure Sep 2010 Jul 2011 CA Key Rollover in the RPKI Nov 2010 Dec 2011 Local Trust Anchor Management for the Resource Public Key Infrastructure Jan 2011 Nov 2011 RPKI-Based Origin Validation Operation Jan 2011 Dec 2011 The RPKI Ghostbusters Record Feb 2011 May 2011 RPKI Objects issued by IANA Feb 2011 Jan 2012 Algorithm Agility Procedure for RPKI. Jun 2011 Oct 2011 BGPSEC Protocol Specification Jun 2011 Oct 2011 An Overview of BGPSEC Jun 2011 Feb 2012 Threat Model for BGP Path Security Jun 2011 Oct 2011 BGPsec Operational Considerations Jun 2011 Oct 2011 Security Requirements for BGP Path Validation Oct 2011 Dec 2011 A Profile for BGPSEC Router Certificates, Certificate Revocation Lists, and Certification Requests Oct 2011 Dec 2011 BGP Algorithms, Key Formats, & Signature Formats Request For Comments: None to date.