Routing Protocol Security Requirements (rpsec)
----------------------------------------------

 Charter
 Last Modified: 2008-04-22

 Current Status: Active Working Group

 Chair(s):
     Russ White  <riw@cisco.com>
     Tony Tauber  <ttauber@1-4-5.net>

 Routing Area Director(s):
     Ross Callon  <rcallon@juniper.net>
     David Ward  <dward@cisco.com>

 Routing Area Advisor:
     David Ward  <dward@cisco.com>

 Mailing Lists: 
     General Discussion: rpsec@ietf.org
     To Subscribe:      rpsec-request@ietf.org
         In Body:       (un)subscribe
     Archive:           http://www.ietf.org/mail-archive/web/rpsec/index.html

Description of Working Group:

The lack of a common set of security requirements and methods for
 routing protocols has resulted in a wide variety of security
 mechanisms for individual routing protocols. Ongoing work on
 requirements for the next generation routing system and future work on
 the actual mechanisms for it will require well-documented routing
 security requirements.

 The products of this working group will be used by routing protocol
 designers to ensure adequate coverage of security in the future,
 including well-known and possible threats.

 The scope of work is limited to router-to-router protocols only, for
 both unicast and multicast systems, and does NOT include
 host-to-router protocols such as IGMP, ICMP, ARP, or ND. It is also a
 non-goal at this point to produce new security mechanisms or to change
 the current security mechanisms in the existing routing protocols.

 The RPSEC working group is charged with the following tasks:

 - Document threat models for routing systems

 - Document security requirements for routing systems

 - Document security analysis and requirements for specific routing
     protocols (e.g., OSPF, BGP)

 - Provide a common area for discussion between security and routing
     experts on the topic of securing the routing system

 Possible Future Work

 - Evaluate and document existing and proposed routing security
     mechanisms with respect to established RPSEC requirements

 - Recommend mechanism(s)

 Goals and Milestones:

   Done         Submit initial I-D (or set of I-Ds) which details the threats 
                to routing systems. 

   Done         Submit I-Ds documenting threats to routing systems for 
                publication as Informational RFC. 

   Done         Submit initial I-D (or set of I-Ds) which outlines security 
                requirements for routing systems. 

   Done         Recharter to include protocol-specific work. 

   Done         Submit initial I-D describing BGP Attack-Tree analysis. 

   Done         Submit initial I-D describing OSPF vulnerability analysis. 

   Done         Submit initial I-D describing BGP security requirements. 

   Oct 2004     Submit the I-D documenting security requirements to routing
                systems for publication as Informational RFC.

   Oct 2004     Submit BGP Attack-Tree analysis for publication as
                Informational RFC.

   Oct 2004     Submit OSPF vulnerability analysis for publication as
                Informational RFC.

   Dec 2004     Submit BGP security requirements for publication as
                Informational RFC.

   Mar 2005     Evaluate progress, recharter with new goals or shutdown.


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Dec 2004 Nov 2008   <draft-ietf-rpsec-bgpsecrec-10.txt>
                BGP Security Requirements 

Dec 2007 Jul 2008   <draft-ietf-rpsec-bgp-session-sec-req-01.txt>
                BGP Session Security Requirements 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC4593 I    Oct 2006    Generic Threats to Routing Protocols