| draft-ietf-sidr-bgpsec-ops-01.txt | draft-ietf-sidr-bgpsec-ops-02.txt | |||
|---|---|---|---|---|
| Network Working Group R. Bush | Network Working Group R. Bush | |||
| Internet-Draft Internet Initiative Japan | Internet-Draft Internet Initiative Japan | |||
| Intended status: BCP October 19, 2011 | Intended status: BCP March 8, 2012 | |||
| Expires: April 21, 2012 | Expires: September 9, 2012 | |||
| BGPsec Operational Considerations | BGPsec Operational Considerations | |||
| draft-ietf-sidr-bgpsec-ops-01 | draft-ietf-sidr-bgpsec-ops-02 | |||
| Abstract | Abstract | |||
| Deployment of the BGPsec architecture and protocols has many | Deployment of the BGPsec architecture and protocols has many | |||
| operational considerations. This document attempts to collect and | operational considerations. This document attempts to collect and | |||
| present them. It is expected to evolve as BGPsec is formalized and | present them. It is expected to evolve as BGPsec is formalized and | |||
| initially deployed. | initially deployed. | |||
| Requirements Language | Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 21, 2012. | This Internet-Draft will expire on September 9, 2012. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2011 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Suggested Reading . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Suggested Reading . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. RPKI Distribution and Maintenance . . . . . . . . . . . . . . . 3 | 3. RPKI Distribution and Maintenance . . . . . . . . . . . . . . . 3 | |||
| 4. AS/Router Certificates . . . . . . . . . . . . . . . . . . . . 4 | 4. AS/Router Certificates . . . . . . . . . . . . . . . . . . . . 3 | |||
| 5. Within a Network . . . . . . . . . . . . . . . . . . . . . . . 4 | 5. Within a Network . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. Considerations for Edge Sites . . . . . . . . . . . . . . . . . 5 | 6. Considerations for Edge Sites . . . . . . . . . . . . . . . . . 4 | |||
| 7. Beaconing Considerations . . . . . . . . . . . . . . . . . . . 5 | 7. Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 8. Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . 6 | 8. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 9. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 8 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 7 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 7 | |||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . . 8 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 13.2. Informative References . . . . . . . . . . . . . . . . . . 8 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9 | ||||
| 1. Introduction | 1. Introduction | |||
| BGPsec is a new protocol with many operational considerations. It is | BGPsec is a new protocol with many operational considerations. It is | |||
| expected to be deployed incrementally over a number of years. As | expected to be deployed incrementally over a number of years. As | |||
| core BGPsec-capable routers may require large memory and crypto | core BGPsec-capable routers may require large memory and/or modern | |||
| assist, it is thought that origin validation based on the RPKI will | CPUs, it is thought that origin validation based on the RPKI will | |||
| occur over the next two to five years and that BGPsec will start to | occur over the next one to three years and that BGPsec will start to | |||
| deploy late in that window. | deploy late in that window. | |||
| BGPsec relies on widespread propagation of the Resource Public Key | BGPsec relies on widespread propagation of the Resource Public Key | |||
| Infrastructure (RPKI) [I-D.ietf-sidr-arch]. How the RPKI is | Infrastructure (RPKI) [RFC6480]. How the RPKI is distributed and | |||
| distributed and maintained globally and within an operator's | maintained globally and within an operator's infrastructure may be | |||
| infrastructure may be different for BGPsec than for origin | different for BGPsec than for origin validation. | |||
| validation. | ||||
| BGPsec need be spoken only by a AS's eBGP speaking, AKA border, | BGPsec need be spoken only by an AS's eBGP speaking, AKA border, | |||
| routers, and is designed so that it can be used to protect | routers, and is designed so that it can be used to protect | |||
| announcements which are originated by small edge routers, and this | announcements which are originated by small edge routers. This has | |||
| has special operational considerations. | special operational considerations. | |||
| Different prefixes have different timing and replay protection | Different prefixes have different timing and replay protection | |||
| considerations. | considerations. | |||
| 2. Suggested Reading | 2. Suggested Reading | |||
| It is assumed that the reader understands BGP, [RFC4271], BGPsec, | It is assumed that the reader understands BGP, [RFC4271], BGPsec, | |||
| [I-D.lepinski-bgpsec-overview], the RPKI, see [I-D.ietf-sidr-arch], | [I-D.lepinski-bgpsec-overview], the RPKI, see [RFC6480], the RPKI | |||
| the RPKI Repository Structure, see [I-D.ietf-sidr-repos-struct], and | Repository Structure, see [RFC6481], and ROAs, see [RFC6482]. | |||
| ROAs, see [I-D.ietf-sidr-roa-format]. | ||||
| 3. RPKI Distribution and Maintenance | 3. RPKI Distribution and Maintenance | |||
| The RPKI is a distributed database containing certificates, CRLs, | All non-ROA considerations in the section on RPKI Distribution and | |||
| manifests, ROAs, and Ghostbuster Records as described in | Maintenance of [I-D.ietf-sidr-pfx-validate] apply. | |||
| [I-D.ietf-sidr-repos-struct]. Policies and considerations for RPKI | ||||
| object generation and maintenance are discussed elsewhere. | ||||
| A local valid cache containing all RPKI data may be gathered from the | ||||
| global distributed database using the rsync protocol and a validation | ||||
| tool such as rcynic. | ||||
| Validated caches may also be created and maintained from other | ||||
| validated caches. Network operators SHOULD take maximum advantage of | ||||
| this feature to minimize load on the global distributed RPKI | ||||
| database. | ||||
| As RPKI-based origin validation relies on the availability of RPKI | ||||
| data, operators SHOULD locate caches close to routers that require | ||||
| these data and services. A router can peer with one or more nearby | ||||
| caches. | ||||
| For redundancy, a router SHOULD peer with more than one cache at the | ||||
| same time. Peering with two or more, at least one local and others | ||||
| remote, is recommended. | ||||
| If an operator trusts upstreams to carry their traffic, they SHOULD | ||||
| also trust the RPKI data those upstreams cache, and SHOULD peer with | ||||
| those caches. Note that this places an obligation on those upstreams | ||||
| to maintain fresh and reliable caches. | ||||
| A transit provider or a network with peers SHOULD validate NLRI in | ||||
| announcements made by upstreams, downstreams, and peers. To minimize | ||||
| impact on the global RPKI, they SHOULD fetch from and then revalidate | ||||
| data from caches provided by their upstreams. | ||||
| An environment where private address space is announced in eBGP the | ||||
| operator MAY have private RPKI objects which cover these private | ||||
| spaces. This will require a trust anchor created and owned by that | ||||
| environment, see [I-D.ietf-sidr-ltamgmt]. | ||||
| 4. AS/Router Certificates | 4. AS/Router Certificates | |||
| As described in [I-D.ymbk-bgpsec-rtr-rekeying] routers MAY be capable | ||||
| of generating their own public/private key-pairs and having their | ||||
| certificates signed and published in the RPKI by the RPKI CA system, | ||||
| and/or MAY be given public/private key-pairs by the operator. | ||||
| A site/operator MAY use a single certificate/key in all their | A site/operator MAY use a single certificate/key in all their | |||
| routers, one certificate/key per router, or any granularity in | routers, one certificate/key per router, or any granularity in | |||
| between. | between. | |||
| A large operator, concerned that a compromise of one router's key | A large operator, concerned that a compromise of one router's key | |||
| would make many routers vulnerable, MAY accept a more complex | would make other routers vulnerable, MAY accept a more complex | |||
| certificate/key distribution burden to reduce this exposure. | certificate/key distribution burden to reduce this exposure. | |||
| On the other extreme, an edge site with one or two routers MAY use a | On the other extreme, an edge site with one or two routers MAY use a | |||
| single certificate/key. | single certificate/key. | |||
| Routers MAY be capable of generating their own keys and having their | ||||
| certificates signed and published in the RPKI by their NOC. This | ||||
| would mean that a router's private key need never leave the router. | ||||
| 5. Within a Network | 5. Within a Network | |||
| BGPsec is spoken by edge routers in a network, those which border | BGPsec is spoken by edge routers in a network, those which border | |||
| other networks/ASs. | other networks/ASs. | |||
| In a fully BGPsec enabled AS, Route Reflectors MUST have BGPsec | In a fully BGPsec enabled AS, Route Reflectors MUST have BGPsec | |||
| enabled if and only if there are eBGP speakers in their client cone. | enabled if and only if there are eBGP speakers in their client cone | |||
| (the transitive closure of their customers' customers' customers' | ||||
| ...). | ||||
| A BGPsec capable router MAY use the data it receives to influence | A BGPsec capable router MAY use the data it receives to influence | |||
| local policy within its network, see Section 8. In deployment this | local policy within its network, see Section 7. In deployment this | |||
| policy should fit into the AS's existing policy, preferences, etc. | policy should fit into the AS's existing policy, preferences, etc. | |||
| This allows a network to incrementally deploy BGPsec capable border | This allows a network to incrementally deploy BGPsec capable border | |||
| routers. | routers. | |||
| eBGP speakers which face more critical peers or up/downstreams would | eBGP speakers which face more critical peers or up/downstreams would | |||
| be candidates for the earliest deployment. Both securing one's own | be candidates for the earliest deployment. Both securing one's own | |||
| announcements and validating received announcements should be | announcements and validating received announcements should be | |||
| considered in partial deployment. | considered in partial deployment. | |||
| An eBGP listener MUST NOT trust non-BGPsec markings such as | As they are not signed, an eBGP listener SHOULD NOT strongly trust | |||
| communities received across a trust boundary. | unsigned markings such as communities received across a trust | |||
| boundary. | ||||
| 6. Considerations for Edge Sites | 6. Considerations for Edge Sites | |||
| An edge site which does not provide transit and trusts its | An edge site which does not provide transit and trusts its | |||
| upstream(s) SHOULD only originate a signed prefix announcement and | upstream(s) SHOULD only originate a signed prefix announcement and | |||
| need not validate received announcements. | need not validate received announcements. | |||
| BGPsec protocol capability negotiation provides for a speaker signing | BGPsec protocol capability negotiation provides for a speaker signing | |||
| the data it sends but being unable to accept signed data. Thus a | the data it sends but being unable to accept signed data. Thus a | |||
| smallish edge router may hold only its own signing key(s) and sign | smallish edge router may hold only its own signing key(s) and sign | |||
| it's announcement but not receive signed announcements and therefore | it's announcement but not receive signed announcements and therefore | |||
| not need to deal with the majority of the RPKI. | not need to deal with the majority of the RPKI. Thus such routers | |||
| CPU, RAM, and crypto needs are trivial and additional hardware should | ||||
| not be needed. | ||||
| As the vast majority (84%) of ASs are stubs, and they announce the | As the vast majority (84%) of ASs are stubs, and they announce the | |||
| majority of prefixes, this allows for simpler and cheaper early | majority of prefixes, this allows for simpler and cheaper early | |||
| incremental deployment. It may also mean that edge sites concerned | incremental deployment. It may also mean that edge sites concerned | |||
| with routing security will be attracted to upstreams which support | with routing security will be attracted to upstreams which support | |||
| BGPsec. | BGPsec. | |||
| 7. Beaconing Considerations | 7. Routing Policy | |||
| The BGPsec protocol attempts to reduce exposure to replay attacks by | ||||
| allowing the route originator to sign an announcement with a validity | ||||
| period and re-announce well within that period. | ||||
| This re-announcement is termed 'beaconing'. All timing values are, | ||||
| of course, jittered. | ||||
| It is only the originator of an NLRI which signs the announcement | ||||
| with a validity period. | ||||
| To reduce vulnerability to a lost beacon announcement, a router | ||||
| SHOULD beacon at a rate somewhat greater than half the signature | ||||
| validity period it uses. | ||||
| As beaconing places a load on the entire global routing system, | ||||
| careful thought MUST be given to any need to beacon frequently. This | ||||
| would be based on a conservative estimation of the vulnerability to a | ||||
| replay attack. | ||||
| Beacon timing and signature validity periods SHOULD be as follows: | ||||
| The Exemplary Citizen: Prefix originators who are not overly | ||||
| concerned about replay attacks might announce with a signature | ||||
| validity of multiple weeks and beacon one third of the validity | ||||
| period. | ||||
| Normal Prefix: Most prefixes SHOULD announce with a signature | ||||
| validity of a week and beacon every three days. | ||||
| Critical Prefix: Of course, we all think what we do is critical. | ||||
| But prefixes of top level DNS servers, and RPKI publication points | ||||
| are actually critical to large swaths of the Internet and are | ||||
| therefore tempting targets for replay attacks. It is suggested | ||||
| that the beaconing of these prefixes SHOULD be two to four hours, | ||||
| with a signature validity of six to twelve hours. | ||||
| Note that this may incur route flap damping (RFD) with current | ||||
| default but deprecated RFD parameters, see [I-D.ymbk-rfd-usable]. | ||||
| 8. Routing Policy | ||||
| Unlike origin validation based on the RPKI, BGPsec marks a received | Unlike origin validation based on the RPKI, BGPsec marks a received | |||
| announcement as Valid or Invalid, there is no NotFound state. How | announcement as Valid or Invalid, there is no NotFound state. How | |||
| this is used in routing is up to the operator's local policy. See | this is used in routing is up to the operator's local policy. See | |||
| [I-D.ietf-sidr-pfx-validate]. | [I-D.ietf-sidr-pfx-validate]. | |||
| As BGPsec will be rolled out over years and does not allow for | As BGPsec will be rolled out over years and does not allow for | |||
| intermediate non-signing edge routers, coverage will be spotty for a | intermediate non-signing edge routers, coverage will be spotty for a | |||
| long time. Hence a normal operator's policy SHOULD NOT be overly | long time. Hence a normal operator's policy SHOULD NOT be overly | |||
| strict, perhaps preferring valid announcements and giving very low | strict, perhaps preferring valid announcements and giving very low | |||
| skipping to change at page 7, line 10 | skipping to change at page 5, line 33 | |||
| Local policy on the eBGP edge MAY convey the validation state of a | Local policy on the eBGP edge MAY convey the validation state of a | |||
| BGP signed path through normal local policy mechanisms, e.g. setting | BGP signed path through normal local policy mechanisms, e.g. setting | |||
| a BGP community, or modifying a metric value such as local-preference | a BGP community, or modifying a metric value such as local-preference | |||
| or MED. Some MAY choose to use the large Local-Pref hammer. Others | or MED. Some MAY choose to use the large Local-Pref hammer. Others | |||
| MAY choose to let AS-Path rule and set their internal metric, which | MAY choose to let AS-Path rule and set their internal metric, which | |||
| comes after AS-Path in the BGP decision process. | comes after AS-Path in the BGP decision process. | |||
| Because of possible RPKI version skew, an AS Path which does not | Because of possible RPKI version skew, an AS Path which does not | |||
| validate at router R0 might validate at R1. Therefore, signed paths | validate at router R0 might validate at R1. Therefore, signed paths | |||
| that are invalid and yet propagated SHOULD have their signatures kept | that are invalid and yet propagated (because they are chosen as best | |||
| intact and should be signed if sent to external BGPsec speakers. | path) SHOULD have their signatures kept intact and MUST be signed if | |||
| sent to external BGPsec speakers. | ||||
| This implies that updates which a speaker judges to be invalid MAY be | This implies that updates which a speaker judges to be invalid MAY be | |||
| propagated to iBGP peers. Therefore, unless local policy ensures | propagated to iBGP peers. Therefore, unless local policy ensures | |||
| otherwise, a signed path learned via iBGP MAY be invalid. If needed, | otherwise, a signed path learned via iBGP MAY be invalid. If needed, | |||
| the validation state SHOULD be signaled by normal local policy | the validation state SHOULD be signaled by normal local policy | |||
| mechanisms such as communities or metrics. | mechanisms such as communities or metrics. | |||
| On the other hand, local policy on the eBGP edge might preclude iBGP | On the other hand, local policy on the eBGP edge might preclude iBGP | |||
| or eBGP announcement of signed AS Paths which are invalid. | or eBGP announcement of signed AS Paths which are invalid. | |||
| If a BGPsec speaker receives an unsigned path, it SHOULD perform | A BGPsec speaker receiving a path SHOULD perform origin validation | |||
| origin validation per [I-D.ietf-sidr-pfx-validate]. | per [I-D.ietf-sidr-pfx-validate]. | |||
| If it is known that a BGPsec neighbor is not a transparent route | If it is known that a BGPsec neighbor is not a transparent route | |||
| server, and the router provides a knob to disallow a received pCount | server, and the router provides a knob to disallow a received pCount | |||
| (prepend count, zero for transparent route servers) of zero, that | (prepend count, zero for transparent route servers) of zero, that | |||
| knob SHOULD be applied. | knob SHOULD be applied. Routers should default to this knob | |||
| disallowing pCount 0. | ||||
| 9. Notes | To prevent exposure of the internals of BGP Confederations [RFC5065], | |||
| a BGPsec speaker which is a Member-AS of a Confederation MUST NOT | ||||
| sign updates sent to another Member-AS of the same Confederation. | ||||
| 8. Notes | ||||
| For protection from attacks replaying BGP data on the order of a day | ||||
| or longer old, re-keying routers with new keys (previously) | ||||
| provisioned in the RPKI is sufficient. For one procedure, see | ||||
| [I-D.rogaglia-sidr-bgpsec-rollover] | ||||
| Like the DNS, the global RPKI presents only a loosely consistent | Like the DNS, the global RPKI presents only a loosely consistent | |||
| view, depending on timing, updating, fetching, etc. Thus, one cache | view, depending on timing, updating, fetching, etc. Thus, one cache | |||
| or router may have different data about a particular prefix than | or router may have different data about a particular prefix than | |||
| another cache or router. There is no 'fix' for this, it is the | another cache or router. There is no 'fix' for this, it is the | |||
| nature of distributed data with distributed caches. | nature of distributed data with distributed caches. | |||
| Operators who manage certificates SHOULD have RPKI Ghostbuster | Operators who manage certificates SHOULD have RPKI Ghostbuster | |||
| Records (see [I-D.ietf-sidr-ghostbusters]), signed indirectly by End | Records (see [I-D.ietf-sidr-ghostbusters]), signed indirectly by End | |||
| Entity certificates, for those certificates on which others' routing | Entity certificates, for those certificates on which others' routing | |||
| depends for certificate and/or ROA validation. | depends for certificate and/or ROA validation. | |||
| As a router must evaluate certificates and ROAs which are time | As a router must evaluate certificates and ROAs which are time | |||
| dependent, routers' clocks MUST be correct to a tolerance of | dependent, routers' clocks MUST be correct to a tolerance of | |||
| approximately an hour. | approximately an hour. | |||
| If a router has reason to believe its clock is seriouly incorrect, | If a router has reason to believe its clock is seriously incorrect, | |||
| e.g. it has a time earlier than 2011, it SHOULD NOT attempt to | e.g. it has a time earlier than 2011, it SHOULD NOT attempt to | |||
| validate incoming updates. It SHOULD defer validation until it | validate incoming updates. It SHOULD defer validation until it | |||
| believes it is within reasonable time tolerance. | believes it is within reasonable time tolerance. | |||
| Servers should provide time service, such as NTP [RFC5905], to client | Servers should provide time service, such as [RFC5905], to client | |||
| routers. | routers. | |||
| 10. Security Considerations | 9. Security Considerations | |||
| BGPsec is all about security, routing security. The major security | The major security considerations for the BGPsec protocol are | |||
| considerations for the protocol are described in | described in [I-D.ietf-sidr-bgpsec-protocol]. | |||
| [I-D.ietf-sidr-bgpsec-protocol]. | ||||
| 11. IANA Considerations | 10. IANA Considerations | |||
| This document has no IANA Considerations. | This document has no IANA Considerations. | |||
| 12. Acknowledgments | 11. References | |||
| The author wishes to thank the BGPsec design team. | ||||
| 13. References | ||||
| 13.1. Normative References | 11.1. Normative References | |||
| [I-D.ietf-sidr-bgpsec-protocol] | [I-D.ietf-sidr-bgpsec-protocol] | |||
| Lepinski, M., "BGPSEC Protocol Specification", | Lepinski, M., "BGPSEC Protocol Specification", | |||
| draft-ietf-sidr-bgpsec-protocol-00 (work in progress), | draft-ietf-sidr-bgpsec-protocol-01 (work in progress), | |||
| June 2011. | October 2011. | |||
| [I-D.ietf-sidr-ghostbusters] | [I-D.ietf-sidr-ghostbusters] | |||
| Bush, R., "The RPKI Ghostbusters Record", | Bush, R., "The RPKI Ghostbusters Record", | |||
| draft-ietf-sidr-ghostbusters-15 (work in progress), | draft-ietf-sidr-ghostbusters-16 (work in progress), | |||
| October 2011. | December 2011. | |||
| [I-D.ietf-sidr-roa-format] | [I-D.lepinski-bgpsec-overview] | |||
| Lepinski, M., Kent, S., and D. Kong, "A Profile for Route | Lepinski, M. and S. Turner, "An Overview of BGPSEC", | |||
| Origin Authorizations (ROAs)", | draft-lepinski-bgpsec-overview-00 (work in progress), | |||
| draft-ietf-sidr-roa-format-12 (work in progress), | March 2011. | |||
| May 2011. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| 13.2. Informative References | [RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support | |||
| Secure Internet Routing", RFC 6480, February 2012. | ||||
| [I-D.ietf-sidr-arch] | [RFC6481] Huston, G., Loomans, R., and G. Michaelson, "A Profile for | |||
| Lepinski, M. and S. Kent, "An Infrastructure to Support | Resource Certificate Repository Structure", RFC 6481, | |||
| Secure Internet Routing", draft-ietf-sidr-arch-13 (work in | February 2012. | |||
| progress), May 2011. | ||||
| [I-D.ietf-sidr-ltamgmt] | [RFC6482] Lepinski, M., Kent, S., and D. Kong, "A Profile for Route | |||
| Reynolds, M. and S. Kent, "Local Trust Anchor Management | Origin Authorizations (ROAs)", RFC 6482, February 2012. | |||
| for the Resource Public Key Infrastructure", | ||||
| draft-ietf-sidr-ltamgmt-02 (work in progress), June 2011. | 11.2. Informative References | |||
| [I-D.ietf-sidr-pfx-validate] | [I-D.ietf-sidr-pfx-validate] | |||
| Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. | Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. | |||
| Austein, "BGP Prefix Origin Validation", | Austein, "BGP Prefix Origin Validation", | |||
| draft-ietf-sidr-pfx-validate-02 (work in progress), | draft-ietf-sidr-pfx-validate-03 (work in progress), | |||
| July 2011. | October 2011. | |||
| [I-D.ietf-sidr-repos-struct] | ||||
| Huston, G., Loomans, R., and G. Michaelson, "A Profile for | ||||
| Resource Certificate Repository Structure", | ||||
| draft-ietf-sidr-repos-struct-09 (work in progress), | ||||
| July 2011. | ||||
| [I-D.lepinski-bgpsec-overview] | [I-D.rogaglia-sidr-bgpsec-rollover] | |||
| Lepinski, M. and S. Turner, "An Overview of BGPSEC", | Gagliano, R., Patel, K., and B. Weis, "BGPSEC router key | |||
| draft-lepinski-bgpsec-overview-00 (work in progress), | roll-over as an alternative to beaconing", | |||
| March 2011. | draft-rogaglia-sidr-bgpsec-rollover-00 (work in progress), | |||
| March 2012. | ||||
| [I-D.ymbk-rfd-usable] | [I-D.ymbk-bgpsec-rtr-rekeying] | |||
| Pelsser, C., Bush, R., Patel, K., Mohapatra, P., and O. | Turner, S., Patel, K., and R. Bush, "Router Keying for | |||
| Maennel, "Making Route Flap Damping Usable", | BGPsec", draft-ymbk-bgpsec-rtr-rekeying-00 (work in | |||
| draft-ymbk-rfd-usable-01 (work in progress), June 2011. | progress), March 2012. | |||
| [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway | [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway | |||
| Protocol 4 (BGP-4)", RFC 4271, January 2006. | Protocol 4 (BGP-4)", RFC 4271, January 2006. | |||
| [RFC5065] Traina, P., McPherson, D., and J. Scudder, "Autonomous | ||||
| System Confederations for BGP", RFC 5065, August 2007. | ||||
| [RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network | [RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network | |||
| Time Protocol Version 4: Protocol and Algorithms | Time Protocol Version 4: Protocol and Algorithms | |||
| Specification", RFC 5905, June 2010. | Specification", RFC 5905, June 2010. | |||
| Author's Address | Author's Address | |||
| Randy Bush | Randy Bush | |||
| Internet Initiative Japan | Internet Initiative Japan | |||
| 5147 Crystal Springs | 5147 Crystal Springs | |||
| Bainbridge Island, Washington 98110 | Bainbridge Island, Washington 98110 | |||
| End of changes. 42 change blocks. | ||||
| 173 lines changed or deleted | 102 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||