draft-ietf-sidr-roa-validation-09.txt		draft-ietf-sidr-roa-validation-10.txt
	Secure Inter-Domain Routing (SIDR) G. Huston		Secure Inter-Domain Routing (SIDR) G. Huston
	Internet-Draft G. Michaelson		Internet-Draft G. Michaelson
	Intended status: Informational APNIC		Intended status: Informational APNIC
	Expires: May 12, 2011 November 8, 2010		Expires: May 15, 2011 November 11, 2010
	Validation of Route Origination using the Resource Certificate PKI and		Validation of Route Origination using the Resource Certificate PKI and
	ROAs		ROAs
	draft-ietf-sidr-roa-validation-09.txt		draft-ietf-sidr-roa-validation-10.txt
	Abstract		Abstract
	This document defines the semantics of a Route Origin Authorization		This document defines the semantics of a Route Origin Authorization
	(ROA) in terms of the context of an application of the Resource		(ROA) in terms of the context of an application of the Resource
	Public Key Infrastructure to validate the origination of routes		Public Key Infrastructure to validate the origination of routes
	advertised in the Border Gateway Protocol.		advertised in the Border Gateway Protocol.
	Status of this Memo		Status of this Memo
	skipping to change at page 1, line 34		skipping to change at page 1, line 34
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on May 12, 2011.		This Internet-Draft will expire on May 15, 2011.
	Copyright Notice		Copyright Notice
	Copyright (c) 2010 IETF Trust and the persons identified as the		Copyright (c) 2010 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 3, line 50		skipping to change at page 3, line 50
	A "route" is unit of information that associates a set of		A "route" is unit of information that associates a set of
	destinations described by an IP address prefix with a set of		destinations described by an IP address prefix with a set of
	attributes of a path to those destinations, as defined in section 1.1		attributes of a path to those destinations, as defined in section 1.1
	of [RFC4271].		of [RFC4271].
	A route's "origin AS" is defined as follows: If the final path		A route's "origin AS" is defined as follows: If the final path
	segment of the AS_PATH is of type AS_SEQUENCE, the "origin AS" is the		segment of the AS_PATH is of type AS_SEQUENCE, the "origin AS" is the
	first element of the sequence (i.e. the AS in the rightmost position		first element of the sequence (i.e. the AS in the rightmost position
	with respect to the position of octets in the protocol message). If		with respect to the position of octets in the protocol message). If
	the final path segment of the AS_PATH is of type AS_SET, indicating		the AS_PATH contains a path segment of type AS_SET, indicating that
	that the route is an aggregate, then the origin AS is taken as the AS		the route is an aggregate, then the "origin AS" cannot be determined.
	component of the AGGREGATOR path attribute [RFC4271], if present.
	Otherwise the route's origin AS cannot be determined.
	In terms of validation of a route in the context of a routing		In terms of validation of a route in the context of a routing
	environment, the address prefix value and the origin AS are used in		environment, the address prefix value and the origin AS are used in
	the ROA validation operation.		the ROA validation operation.
	It is assumed here that a Relying Party (RP) has access to a local		It is assumed here that a Relying Party (RP) has access to a local
	cache of the complete set of valid ROAs when performing validation of		cache of the complete set of valid ROAs when performing validation of
	a route. (Valid ROAs are defined as ROAs that are determined to be		a route. (Valid ROAs are defined as ROAs that are determined to be
	syntactically correct and are signed using a signature that can be		syntactically correct and are signed using a signature that can be
	verified using the RPKI, as described in [I-D.ietf-sidr-roa-format].)		verified using the RPKI, as described in [I-D.ietf-sidr-roa-format].)
End of changes. 4 change blocks.
	7 lines changed or deleted		5 lines changed or added
This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/