Secure Inter-Domain Routing (sidr)
----------------------------------

 Charter
 Last Modified: 2011-12-09

 Current Status: Active Working Group

 Chair(s):
     Sandra Murphy  <Sandra.Murphy@sparta.com>
     Chris Morrow  <morrowc@ops-netman.net>

 Routing Area Director(s):
     Stewart Bryant  <stbryant@cisco.com>
     Adrian Farrel  <adrian@olddog.co.uk>

 Routing Area Advisor:
     Stewart Bryant  <stbryant@cisco.com>

 Technical Advisor(s):
     Steven Bellovin  <smb@cs.columbia.edu>

 Mailing Lists: 
     General Discussion: sidr@ietf.org
     To Subscribe:       sidr-request@ietf.org
         In Body:        (un)subscribe
     Archive:            http://www.ietf.org/mail-archive/web/sidr/index.html

Description of Working Group:

The purpose of the SIDR working group is to reduce vulnerabilities in
the inter-domain routing system. The two vulnerabilities that will be
addressed are:

 * Is an Autonomous System (AS) authorized to originate an IP prefix
 * Is the AS-Path represented in the route the same as the path through
    which the NLRI traveled

The SIDR working group will take practical deployability into consideration.

Building upon the already completed and implemented framework:

 * Resource Public Key Infrastructure (RPKI)
 * Distribution of RPKI data to routing devices and its use in
      operational networks
 * Document the use of certification objects within the secure
      routing architecture

This working group will specify security enhancements for inter-domain
routing protocols.

 Goals and Milestones:

   Done         Submit initial draft on inter-domain routing security within 
                this architecture 

   Done         Submit initial draft on certificate objects to be used within 
                this architecture 

   Done         Submit initial draft on securing origination of routing 
                information 

   Jan 2010       I-D: draft-ietf-sidr-publication 

   Jan 2010       I-D: draft-ietf-sidr-keyroll 

   Jan 2010       I-D: draft-ietf-sidr-arch 

   Jan 2010       I-D: draft-ietf-sidr-cp 

   Jan 2010       I-D: draft-ietf-sidr-res-certs 

   Jan 2010       I-D: draft-ietf-sidr-roa-validation 

   Jan 2010       I-D: draft-ietf-sidr-signed-object 

   Jan 2010       I-D: draft-ietf-sidr-rpki-manifests 

   Jan 2010       I-D: draft-ietf-sidr-rpki-algs 

   Jan 2010       I-D: draft-ietf-sidr-rescerts-provisioning 

   Jan 2010       I-D: draft-ietf-sidr-ta 

   Mar 2010       I-D: draft-ietf-sidr-cps-irs 

   Mar 2010       I-D: draft-ietf-sidr-cps-isp 

   Nov 2010       I-D: draft-ietf-sidr-origin-ops 

   Nov 2010       I-D: draft-ietf-sidr-pfx-validate 

   Nov 2010       I-D: draft-ietf-sidr-repos-struct 

   Nov 2010       I-D: draft-ietf-sidr-roa-format 

   Nov 2010       I-D: draft-ietf-sidr-ltamgmt 

   Dec 2010       I-D: draft-rgaglian-sidr-algorithm-agility 

   Jan 2011       I-D: draft-ietf-sidr-ghostbusters 

   Feb 2011       I-D: draft-ietf-sidr-rpki-rtr 

   Mar 2011       I-D: Document the BGP protocol enhancements that meet the 
                security requirements 

   Mar 2011       I-D: A requirements document that addresses these threats 

   Mar 2011       I-D: A document describing threats to the routing system 

   Mar 2011       I-D: An overview of the RPKI and BGP Protocol changes required 
                for origin and path validation 

   Mar 2011       I-D: Operational deployment guidance for network operators 

   May 2011       I-D: draft-ietf-sidr-usecases 

   May 2011       Publication: draft-ietf-sidr-arch 

   May 2011       Publication: draft-ietf-sidr-cp 

   May 2011       Publication: draft-ietf-sidr-res-certs 

   Jun 2011       I-D: System and architecture design choices made in the 
                protocol and RPKI 

   Jun 2011       Publication: draft-ietf-sidr-publication 

   Jun 2011       Publication: draft-ietf-sidr-repos-struct 

   Jun 2011       Publication: draft-ietf-sidr-roa-format 

   Jun 2011       Publication: draft-ietf-sidr-rpki-rtr 

   Jun 2011       Publication: draft-ietf-sidr-roa-validation 

   Jun 2011       Publication: draft-ietf-sidr-signed-object 

   Jun 2011       Publication: draft-ietf-sidr-rpki-manifests 

   Jul 2011       Publication: draft-ietf-sidr-origin-ops 

   Jul 2011       Publication: draft-ietf-sidr-rpki-algs 

   Jul 2011       Publication: draft-ietf-sidr-rescerts-provisioning 

   Aug 2011       Publication: draft-ietf-sidr-ta 

   Oct 2011       Publication: draft-rgaglian-sidr-algorithm-agility 

   Oct 2011       Publication: draft-ietf-sidr-ghostbusters 

   Nov 2011       Publication: draft-ietf-sidr-ltamgmt 

   Dec 2011       Publication: System and architecture design choices made in the 
                protocol and RPKI 

   Dec 2011       Publication: draft-ietf-sidr-usecases 

   Dec 2011       Publication: draft-ietf-sidr-keyroll 

   Jan 2012       Publication: An overview of the RPKI and BGP Protocol changes 
                required for origin and path validation 

   Jan 2012       Publication: Document the BGP protocol enhancements that meet 
                the security requirements 

   Jan 2012       Publication: draft-ietf-sidr-pfx-validate 

   Mar 2012       Publication: draft-ietf-sidr-cps-irs 

   Mar 2012       Publication: draft-ietf-sidr-cps-isp 

   Jun 2012       Publication: A document describing threats to the routing 
                system 

   Jun 2012       Publication: A requirements document that addresses these 
                threats 

   Jul 2012       Publication: Operational deployment guidance for network 
                operators 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jun 2010 Jan 2012   <draft-ietf-sidr-usecases-04.txt>
                Use Cases and Interpretation of RPKI Objects for Issuers and 
                Relying Parties 

Aug 2010 Oct 2011   <draft-ietf-sidr-pfx-validate-03.txt>
                BGP Prefix Origin Validation 

Aug 2010 Feb 2012   <draft-ietf-sidr-rpki-rtr-26.txt>
                The RPKI/Router Protocol 

Nov 2010 Dec 2011   <draft-ietf-sidr-ltamgmt-04.txt>
                Local Trust Anchor Management for the Resource Public Key 
                Infrastructure 

Jan 2011 Nov 2011   <draft-ietf-sidr-origin-ops-13.txt>
                RPKI-Based Origin Validation Operation 

Feb 2011 Jan 2012   <draft-ietf-sidr-algorithm-agility-05.txt>
                Algorithm Agility Procedure for RPKI. 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-protocol-01.txt>
                BGPSEC Protocol Specification 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-overview-01.txt>
                An Overview of BGPSEC 

Jun 2011 Feb 2012   <draft-ietf-sidr-bgpsec-threats-02.txt>
                Threat Model for BGP Path Security 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-ops-01.txt>
                BGPsec Operational Considerations 

Jun 2011 Oct 2011   <draft-ietf-sidr-bgpsec-reqs-01.txt>
                Security Requirements for BGP Path Validation 

Oct 2011 Dec 2011   <draft-ietf-sidr-bgpsec-pki-profiles-01.txt>
                A Profile for BGPSEC Router Certificates, Certificate 
                Revocation Lists, and Certification Requests 

Oct 2011 Dec 2011   <draft-ietf-sidr-bgpsec-algs-01.txt>
                BGP Algorithms, Key Formats, & Signature Formats 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC6490 PS   Feb 2012    Resource Public Key Infrastructure (RPKI) Trust Anchor 
                       Locator 

RFC6481 PS   Feb 2012    A Profile for Resource Certificate Repository Structure 

RFC6482 PS   Feb 2012    A Profile for Route Origin Authorizations (ROAs) 

RFC6483 I    Feb 2012    Validation of Route Origination Using the Resource 
                       Certificate Public Key Infrastructure (PKI) and Route 
                       Origin Authorizations (ROAs) 

RFC6485 PS   Feb 2012    The Profile for Algorithms and Key Sizes for Use in the 
                       Resource Public Key Infrastructure (RPKI) 

RFC6486 PS   Feb 2012    Manifests for the Resource Public Key Infrastructure 
                       (RPKI) 

RFC6488 PS   Feb 2012    Signed Object Template for the Resource Public Key 
                       Infrastructure (RPKI) 

RFC6489 BCP  Feb 2012    Certification Authority (CA) Key Rollover in the 
                       Resource Public Key Infrastructure (RPKI) 

RFC6491 PS   Feb 2012    Resource Public Key Infrastructure (RPKI) Objects Issued 
                       by IANA 

RFC6492 PS   Feb 2012    A Protocol for Provisioning Resource Certificates 

RFC6493 PS   Feb 2012    The Resource Public Key Infrastructure (RPKI) 
                       Ghostbusters Record 

RFC6487 PS   Feb 2012    A Profile for X.509 PKIX Resource Certificates 

RFC6484 BCP  Feb 2012    Certificate Policy (CP) for the Resource Public Key 
                       Infrastructure (RPKI) 

RFC6480 I    Feb 2012    An Infrastructure to Support Secure Internet Routing