Secure Inter-Domain Routing (sidr)
----------------------------------

 Charter
 Last Modified: 2011-08-18

 Current Status: Active Working Group

 Chair(s):
     Sandra Murphy  <Sandra.Murphy@sparta.com>
     Chris Morrow  <morrowc@ops-netman.net>

 Routing Area Director(s):
     Stewart Bryant  <stbryant@cisco.com>
     Adrian Farrel  <adrian@olddog.co.uk>

 Routing Area Advisor:
     Stewart Bryant  <stbryant@cisco.com>

 Technical Advisor(s):
     Steven Bellovin  <smb@cs.columbia.edu>

 Mailing Lists: 
     General Discussion:sidr@ietf.org
     To Subscribe:      sidr-request@ietf.org
         In Body:       In Body: (un)subscribe
     Archive:           http://www.ietf.org/mail-archive/web/sidr/index.html

Description of Working Group:

The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:

 * Is an Autonomous System (AS) authorized to originate an IP prefix
 * Is the AS-Path represented in the route the same as the path through
    which the NLRI traveled

The SIDR working group will take practical deployability into consideration.

Building upon the already completed and implemented framework:

 * Resource Public Key Infrastructure (RPKI)
 * Distribution of RPKI data to routing devices and its use in
      operational networks
 * Document the use of certification objects within the secure
      routing architecture

This working group will specify security enhancements for inter-domain
routing protocols.
 Goals and Milestones:

   Done         Submit initial draft on inter-domain routing security within 
                this architecture 

   Done         Submit initial draft on certificate objects to be used within 
                this architecture 

   Done         Submit initial draft on securing origination of routing 
                information 

   Jan 2010       I-D: draft-ietf-sidr-publication 

   Jan 2010       I-D: draft-ietf-sidr-keyroll 

   Jan 2010       I-D: draft-ietf-sidr-arch 

   Jan 2010       I-D: draft-ietf-sidr-cp 

   Jan 2010       I-D: draft-ietf-sidr-res-certs 

   Jan 2010       I-D: draft-ietf-sidr-roa-validation 

   Jan 2010       I-D: draft-ietf-sidr-signed-object 

   Jan 2010       I-D: draft-ietf-sidr-rpki-manifests 

   Jan 2010       I-D: draft-ietf-sidr-rpki-algs 

   Jan 2010       I-D: draft-ietf-sidr-rescerts-provisioning 

   Jan 2010       I-D: draft-ietf-sidr-ta 

   Mar 2010       I-D: draft-ietf-sidr-cps-irs 

   Mar 2010       I-D: draft-ietf-sidr-cps-isp 

   Nov 2010       I-D: draft-ietf-sidr-origin-ops 

   Nov 2010       I-D: draft-ietf-sidr-pfx-validate 

   Nov 2010       I-D: draft-ietf-sidr-repos-struct 

   Nov 2010       I-D: draft-ietf-sidr-roa-format 

   Nov 2010       I-D: draft-ietf-sidr-ltamgmt 

   Dec 2010       I-D: draft-rgaglian-sidr-algorithm-agility 

   Jan 2011       I-D: draft-ietf-sidr-ghostbusters 

   Feb 2011       I-D: draft-ietf-sidr-rpki-rtr 

   Mar 2011       I-D: Document the BGP protocol enhancements that meet the 
                security requirements 

   Mar 2011       I-D: A requirements document that addresses these threats 

   Mar 2011       I-D: A document describing threats to the routing system 

   Mar 2011       I-D: An overview of the RPKI and BGP Protocol changes required 
                for origin and path validation 

   Mar 2011       I-D: Operational deployment guidance for network operators 

   May 2011       I-D: draft-ietf-sidr-usecases 

   May 2011       Publication: draft-ietf-sidr-arch 

   May 2011       Publication: draft-ietf-sidr-cp 

   May 2011       Publication: draft-ietf-sidr-res-certs 

   Jun 2011       I-D: System and architecture design choices made in the 
                protocol and RPKI 

   Jun 2011       Publication: draft-ietf-sidr-publication 

   Jun 2011       Publication: draft-ietf-sidr-repos-struct 

   Jun 2011       Publication: draft-ietf-sidr-roa-format 

   Jun 2011       Publication: draft-ietf-sidr-rpki-rtr 

   Jun 2011       Publication: draft-ietf-sidr-roa-validation 

   Jun 2011       Publication: draft-ietf-sidr-signed-object 

   Jun 2011       Publication: draft-ietf-sidr-rpki-manifests 

   Jul 2011       Publication: draft-ietf-sidr-origin-ops 

   Jul 2011       Publication: draft-ietf-sidr-rpki-algs 

   Jul 2011       Publication: draft-ietf-sidr-rescerts-provisioning 

   Aug 2011       Publication: draft-ietf-sidr-ta 

   Oct 2011       Publication: draft-rgaglian-sidr-algorithm-agility 

   Oct 2011       Publication: draft-ietf-sidr-ghostbusters 

   Nov 2011       Publication: draft-ietf-sidr-ltamgmt 

   Dec 2011       Publication: System and architecture design choices made in the 
                protocol and RPKI 

   Dec 2011       Publication: draft-ietf-sidr-usecases 

   Dec 2011       Publication: draft-ietf-sidr-keyroll 

   Jan 2012       Publication: An overview of the RPKI and BGP Protocol changes 
                required for origin and path validation 

   Jan 2012       Publication: Document the BGP protocol enhancements that meet 
                the security requirements 

   Jan 2012       Publication: draft-ietf-sidr-pfx-validate 

   Mar 2012       Publication: draft-ietf-sidr-cps-irs 

   Mar 2012       Publication: draft-ietf-sidr-cps-isp 

   Jun 2012       Publication: A document describing threats to the routing 
                system 

   Jun 2012       Publication: A requirements document that addresses these 
                threats 

   Jul 2012       Publication: Operational deployment guidance for network 
                operators 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jun 2006 May 2011   <draft-ietf-sidr-res-certs-22.txt>
                A Profile for X.509 PKIX Resource Certificates 

Oct 2006 Apr 2011   <draft-ietf-sidr-cp-17.txt>
                Certificate Policy (CP) for the Resource PKI (RPKI 

Feb 2007 May 2011   <draft-ietf-sidr-roa-format-12.txt>
                A Profile for Route Origin Authorizations (ROAs) 

Feb 2007 May 2011   <draft-ietf-sidr-arch-13.txt>
                An Infrastructure to Support Secure Internet Routing 

Jan 2008 Aug 2011   <draft-ietf-sidr-rescerts-provisioning-11.txt>
                A Protocol for Provisioning Resource Certificates 

Jan 2008 Jul 2011   <draft-ietf-sidr-rpki-manifests-16.txt>
                Manifests for the Resource Public Key Infrastructure 

Aug 2008 Nov 2010   <draft-ietf-sidr-roa-validation-10.txt>
                Validation of Route Origination using the Resource Certificate 
                PKI and ROAs 

Aug 2008 Jul 2011   <draft-ietf-sidr-repos-struct-09.txt>
                A Profile for Resource Certificate Repository Structure 

Feb 2009 Apr 2011   <draft-ietf-sidr-ta-07.txt>
                Resource Certificate PKI (RPKI) Trust Anchor Locator 

Aug 2009 Apr 2011   <draft-ietf-sidr-rpki-algs-05.txt>
                The Profile for Algorithms and Key Sizes for use in the 
                Resource Public Key Infrastructure 

Jun 2010 Oct 2011   <draft-ietf-sidr-usecases-03.txt>
                Use Cases and Interpretation of RPKI Objects for Issuers and 
                Relying Parties 

Aug 2010 Oct 2011   <draft-ietf-sidr-pfx-validate-03.txt>
                BGP Prefix Origin Validation 

Aug 2010 Nov 2011   <draft-ietf-sidr-rpki-rtr-20.txt>
                The RPKI/Router Protocol 

Sep 2010 May 2011   <draft-ietf-sidr-signed-object-04.txt>
                Signed Object Template for the Resource Public Key 
                Infrastructure 

Sep 2010 Jul 2011   <draft-ietf-sidr-keyroll-08.txt>
                CA Key Rollover in the RPKI 

Oct 2010 Jul 2011   <draft-ietf-sidr-publication-01.txt>
                A Publication Protocol for the Resource Public Key 
                Infrastructure (RPKI) 

Nov 2010 Jun 2011   <draft-ietf-sidr-ltamgmt-02.txt>
                Local Trust Anchor Management for the Resource Public Key 
                Infrastructure 

Nov 2010 Aug 2011   <draft-ietf-sidr-origin-validation-signaling-01.txt>
                BGP Prefix Origin Validation State Extended Community 

Jan 2011 Nov 2011   <draft-ietf-sidr-origin-ops-13.txt>
                RPKI-Based Origin Validation Operation 

Jan 2011 Oct 2011   <draft-ietf-sidr-ghostbusters-15.txt>
                The RPKI Ghostbusters Record 

Feb 2011 May 2011   <draft-ietf-sidr-iana-objects-03.txt>
                RPKI Objects issued by IANA 

Feb 2011 Nov 2011   <draft-ietf-sidr-algorithm-agility-04.txt>
                Algorithm Agility Procedure for RPKI. 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-protocol-01.txt>
                BGPSEC Protocol Specification 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-overview-01.txt>
                An Overview of BGPSEC 

Jun 2011 Jun 2011   <draft-ietf-sidr-bgpsec-threats-00.txt>
                Threat Model for BGP Path Security 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-ops-01.txt>
                BGPsec Operational Considerations 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-reqs-01.txt>
                Security Requirements for BGP Path Validation 

Oct 2011 Oct 2011   <draft-ietf-sidr-bgpsec-pki-profiles-00.txt>
                A Profile for BGPSEC Router Certificates, Certificate 
                Revocation Lists, and Certification Requests 

Oct 2011 Oct 2011   <draft-ietf-sidr-bgpsec-algs-00.txt>
                BGP Algorithms, Key Formats, & Signature Formats 

 Request For Comments:

  None to date.