Secure Inter-Domain Routing (sidr)
----------------------------------

 Charter
 Last Modified: 2010-03-12

 Current Status: Active Working Group

 Chair(s):
     Sandra Murphy  <Sandra.Murphy@sparta.com>
     Chris Morrow  <morrowc@ops-netman.net>

 Routing Area Director(s):
     Stewart Bryant  <stbryant@cisco.com>
     Adrian Farrel  <adrian@olddog.co.uk>

 Routing Area Advisor:
     Stewart Bryant  <stbryant@cisco.com>

 Technical Advisor(s):
     Steven Bellovin  <smb@cs.columbia.edu>

 Mailing Lists: 
     General Discussion: sidr@ietf.org
     To Subscribe:       sidr-request@ietf.org
         In Body:        (un)subscribe
     Archive:            http://www.ietf.org/mail-archive/web/sidr/index.html

Description of Working Group:

One of the areas of vulnerability for large scale Internet
environments lies in the area of inter-domain routing. The basic
security questions that can be posed regarding routing information
are whether the originating Autonomous System is authorized to
advertise an address prefix by the holder of that prefix, whether
the originating AS is accurately identified by the originating
Autonomous System Number in the advertisement, and the validity of
both the address prefix and the Autonomous System Number. A related
question concerns the level of trust that can be ascribed to
attributes of a route object in terms of their authenticity,
including consideration of the AS Path attribute.

The Routing Protocol Security Group (RPSEC) has been chartered to
document the security requirements for routing systems, and, in
particular, to produce a document on BGP security requirements.

The scope of work in the SIDR working group is to formulate an
extensible architecture for an interdomain routing security
framework. This framework must be capable of supporting incremental
additions of functional components. The SIDR working group will 
develop security mechanisms which fulfill those requirements which 
have been agreed on by the RPSEC working group. In developing these 
mechanisms, the SIDR working group will take practical deployability 
into consideration. 

The scope of work will include describing the use of certification
objects for supporting the distribution of authorization and
authentication information. Both hierarchic and distributed non-
hierarchic trust systems are intended to be supported within this
framework. The intended support of both forms of trust models is to
allow for the use of this framework for routing security in diverse
routing environments that have different underlying trust
characteristics.

The scope of work is limited to inter-domain router-to-router
protocols only, for both unicast and multicast systems.

The SIDR working group is charged with the following tasks:

- Document an extensible interdomain routing security architecture

- Document the use of certification objects within this secure
routing architecture

- Document specific routing functionality modules within this
architecture that are designed to address specific secure routing
requirements as they are determined by the RPSEC Working Group

 Goals and Milestones:

   Done         Submit initial draft on inter-domain routing security within 
                this architecture 

   Done         Submit initial draft on certificate objects to be used within 
                this architecture 

   Done         Submit initial draft on securing origination of routing 
                information 

   Mar 2007     Submit routing security architecture for publication as an
                Informational RFC

   May 2007     Submit description of use of certificate objects by this
                architecture as an Informational RFC

   Jun 2007     Submit secure origination mechanism as a Proposed Standard

   Aug 2007     Evaluate progress, recharter with new goals or shutdown


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jun 2006 Dec 2010   <draft-ietf-sidr-res-certs-21.txt>
                A Profile for X.509 PKIX Resource Certificates 

Oct 2006 Dec 2010   <draft-ietf-sidr-cp-16.txt>
                Certificate Policy (CP) for the Resource PKI (RPKI)

Feb 2007 Feb 2011   <draft-ietf-sidr-roa-format-10.txt>
                A Profile for Route Origin Authorizations (ROAs) 

Feb 2007 Feb 2011   <draft-ietf-sidr-arch-12.txt>
                An Infrastructure to Support Secure Internet Routing 

Jan 2008 Nov 2010   <draft-ietf-sidr-rescerts-provisioning-09.txt>
                A Protocol for Provisioning Resource Certificates 

Jan 2008 Nov 2010   <draft-ietf-sidr-rpki-manifests-09.txt>
                Manifests for the Resource Public Key Infrastructure 

Aug 2008 Nov 2010   <draft-ietf-sidr-roa-validation-10.txt>
                Validation of Route Origination using the Resource Certificate 
                PKI and ROAs 

Aug 2008 Feb 2011   <draft-ietf-sidr-repos-struct-07.txt>
                A Profile for Resource Certificate Repository Structure 

Feb 2009 Nov 2010   <draft-ietf-sidr-ta-06.txt>
                Resource Certificate PKI (RPKI) Trust Anchor Locator 

Aug 2009 Nov 2010   <draft-ietf-sidr-rpki-algs-04.txt>
                A Profile for Algorithms and Key Sizes for use in the Resource 
                Public Key Infrastructure 

Jun 2010 Dec 2010   <draft-ietf-sidr-usecases-01.txt>
                Use Cases and interpretation of RPKI objects for issuers and 
                relying parties 

Aug 2010 Feb 2011   <draft-ietf-sidr-pfx-validate-01.txt>
                BGP Prefix Origin Validation 

Aug 2010 Mar 2011   <draft-ietf-sidr-rpki-rtr-11.txt>
                The RPKI/Router Protocol 

Sep 2010 Feb 2011   <draft-ietf-sidr-signed-object-03.txt>
                Signed Object Template for the Resource Public Key 
                Infrastructure 

Sep 2010 Feb 2011   <draft-ietf-sidr-keyroll-06.txt>
                CA Key Rollover in the RPKI 

Oct 2010 Oct 2010   <draft-ietf-sidr-publication-00.txt>
                A Publication Protocol for the Resource Public Key 
                Infrastructure (RPKI) 

Nov 2010 Nov 2010   <draft-ietf-sidr-ltamgmt-00.txt>
                Local Trust Anchor Management for the Resource Public Key 
                Infrastructure 

Nov 2010 Nov 2010   <draft-ietf-sidr-origin-validation-signaling-00.txt>
                BGP Prefix Origin Validation State Extended Community 

Jan 2011 Mar 2011   <draft-ietf-sidr-origin-ops-06.txt>
                RPKI-Based Origin Validation Operation 

Jan 2011 Mar 2011   <draft-ietf-sidr-ghostbusters-03.txt>
                The RPKI Ghostbusters Record 

Feb 2011 Feb 2011   <draft-ietf-sidr-iana-objects-01.txt>
                RPKI Objects issued by IANA 

Feb 2011 Feb 2011   <draft-ietf-sidr-algorithm-agility-00.txt>
                Algorithm Agility Procedure for RPKI. 

 Request For Comments:

  None to date.