rfcdiff: draft-ietf-sidr-roa-validation-09.txt vs. draft-ietf-sidr-roa-validation-10.txt
Secure Inter-Domain Routing (SIDR)                          G. Huston
Internet-Draft                                           G. Michaelson
Intended status: Informational                                   APNIC
Expires: May 12, 2011 (-09) / May 15, 2011 (-10)
                            November 8, 2010 (-09) / November 11, 2010 (-10)
Validation of Route Origination using the Resource Certificate PKI and ROAs
draft-ietf-sidr-roa-validation-09.txt (old) / draft-ietf-sidr-roa-validation-10.txt (new)
Abstract

This document defines the semantics of a Route Origin Authorization (ROA) in terms of the context of an application of the Resource Public Key Infrastructure to validate the origination of routes advertised in the Border Gateway Protocol.
Status of this Memo

[skipping to change at page 1, line 34]
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on May 12, 2011 (-09) / May 15, 2011 (-10).
Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents
[skipping to change at page 3, line 50]
A "route" is a unit of information that associates a set of destinations described by an IP address prefix with a set of attributes of a path to those destinations, as defined in section 1.1 of [RFC4271].
A route's "origin AS" is defined as follows: If the final path segment of the AS_PATH is of type AS_SEQUENCE, the "origin AS" is the first element of the sequence (i.e. the AS in the rightmost position with respect to the position of octets in the protocol message).

   draft-09 (old): If the final path segment of the AS_PATH is of type AS_SET, indicating that the route is an aggregate, then the origin AS is taken as the AS component of the AGGREGATOR path attribute [RFC4271], if present. Otherwise the route's origin AS cannot be determined.

   draft-10 (new): If the AS_PATH contains a path segment of type AS_SET, indicating that the route is an aggregate, then the "origin AS" cannot be determined.
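Review bot: the two sentences of the new definition can both apply to the same path. A path whose final segment is an AS_SEQUENCE but which carries an AS_SET in an earlier segment satisfies the first rule (origin AS is the rightmost AS) and also the second (origin AS cannot be determined). State which rule takes precedence, for example by leading with the AS_SET condition: "If the AS_PATH contains a path segment of type AS_SET ... the "origin AS" cannot be determined. Otherwise, if the final path segment of the AS_PATH is of type AS_SEQUENCE ...". It is also worth saying explicitly that the draft-09 fallback to the AS component of the AGGREGATOR attribute is dropped, so an aggregate route now never has an origin AS for ROA validation.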
In terms of validation of a route in the context of a routing environment, the address prefix value and the origin AS are used in the ROA validation operation.
It is assumed here that a Relying Party (RP) has access to a local cache of the complete set of valid ROAs when performing validation of a route. (Valid ROAs are defined as ROAs that are determined to be syntactically correct and are signed using a signature that can be verified using the RPKI, as described in [I-D.ietf-sidr-roa-format].)
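As an added example (not text or code from the draft or its authors), the following Python shows the draft-10 origin-AS rule applied to a modelled AS_PATH, and then the use of the prefix and origin AS against a local cache of valid ROAs as the paragraph above describes. The AS_PATH representation, the ROA cache (documentation prefixes and ASNs), the valid/invalid/unknown outcomes (taken from the published ROA validation semantics in RFC 6483, not from this diff page) and the handling of a route whose origin AS cannot be determined are all assumptions of the example.

```python
# Added example (not text or code from the draft): origin-AS extraction under
# the draft-10 rule, plus a minimal ROA match over a local cache of valid ROAs.
# The AS_PATH model, the ROA cache and the sample routes are constructed here.
import ipaddress
from typing import List, NamedTuple, Optional, Sequence, Tuple, Union

AS_SET = "AS_SET"
AS_SEQUENCE = "AS_SEQUENCE"

# An AS_PATH is modelled as its path segments in wire order, each segment as
# (segment_type, [ASNs in wire order]).
ASPath = Sequence[Tuple[str, Sequence[int]]]


def origin_as(as_path: ASPath) -> Optional[int]:
    """Return the origin AS of an AS_PATH, or None if it cannot be determined.

    draft-10: an AS_SET segment anywhere in the path marks an aggregate and the
    origin AS cannot be determined; otherwise, if the final segment is an
    AS_SEQUENCE, the origin AS is its rightmost AS in wire order.  The AS_SET
    test is applied first so that a path with an AS_SET before a final
    AS_SEQUENCE yields no origin.  An empty AS_PATH is treated as undetermined
    here (an assumption of this example; the draft text shown does not cover it).
    """
    if any(seg_type == AS_SET for seg_type, _ in as_path):
        return None
    if not as_path:
        return None
    seg_type, asns = as_path[-1]
    if seg_type == AS_SEQUENCE and asns:
        return asns[-1]
    return None


class ROA(NamedTuple):
    prefix: Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
    max_length: int
    asn: int


# Constructed cache of "valid ROAs" (documentation prefixes, documentation ASNs).
VALID_ROAS: List[ROA] = [
    ROA(ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    ROA(ipaddress.ip_network("2001:db8::/32"), 48, 64496),
]


def roa_validate(prefix: str, origin: Optional[int], roas: Sequence[ROA]) -> str:
    """Classify (prefix, origin AS) against the cache as valid/invalid/unknown.

    Outcomes follow the published ROA validation semantics (RFC 6483): a ROA
    covers the route if the ROA prefix contains the route prefix; it matches
    if, in addition, the origin AS equals the ROA's AS and the route prefix
    length does not exceed maxLength.  No covering ROA -> unknown; a matching
    ROA -> valid; covering but no matching ROA -> invalid.  An undetermined
    origin can match no ROA, so a covered prefix is invalid (assumption of this
    example; the diff page does not say how such routes are treated).
    """
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "unknown"
    if origin is None:
        return "invalid"
    for roa in covering:
        if roa.asn == origin and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def validate_route(prefix: str, as_path: ASPath,
                   roas: Sequence[ROA] = VALID_ROAS) -> str:
    """The two-step check the draft describes: derive the origin AS, then match."""
    return roa_validate(prefix, origin_as(as_path), roas)


if __name__ == "__main__":
    # Constructed sample routes; 64496-64511 are documentation ASNs.
    samples = [
        ("192.0.2.0/24", [(AS_SEQUENCE, [64500, 64496])]),     # valid
        ("192.0.2.128/25", [(AS_SEQUENCE, [64500, 64496])]),   # invalid: /25 exceeds maxLength 24
        ("192.0.2.0/24", [(AS_SEQUENCE, [64500, 64497])]),     # invalid: origin AS does not match
        ("192.0.2.0/24", [(AS_SET, [64496, 64497])]),          # invalid: aggregate, no origin AS
        ("198.51.100.0/24", [(AS_SEQUENCE, [64500, 64496])]),  # unknown: no covering ROA
    ]
    for pfx, path in samples:
        print(pfx, origin_as(path), validate_route(pfx, path))
```

The AS_SET check is deliberately evaluated before the final-segment check, so a path such as [AS_SET, AS_SEQUENCE] reports no origin AS rather than the rightmost AS of the sequence; a relying party that applied the two sentences of the definition in the order written would reach a different answer for that path.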
End of changes. 4 change blocks. 7 lines changed or deleted, 5 lines changed or added.

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/