draft-ietf-sidr-roa-format, draft-ietf-sidr-arch. Matt Lepinski, BBN Technologies.


2 ROA Format: Final Open Issue
- Finished working group last call following IETF 76
- One open issue remains
- When the architecture document describes the relationship between ROAs and EE certs, it includes cautionary text that roughly says:
  - Make sure you issue a new ROA for a prefix before you go and revoke the EE cert associated with the old ROA for that prefix (provided, of course, that you want the prefix to continue to be routed)
  - That is, ROAs can potentially affect routing, so “make before break”
- We received a comment during last call that similar text should be added to the ROA-Format document

3 ROA Format: Final Open Issue
- I took a stab at writing such text and posted it to the list
  - Feedback = The text I posted did not belong in ROA Format
- Two options to close out this document:
  - Working group consensus that the “make before break” message is inappropriate in the ROA Format document
  - Working group consensus on appropriate text to deliver the “make before break” message in the ROA Format document
- The following slide has strawman text
  - Please comment if you have a strong opinion on this issue
  - Let’s get this resolved soon so that we can progress the document

4 ROA Format: Strawman Text
- For Section 3 (ROA Validation):

“The validity of a ROA may potentially affect the routing of packets on the Internet. Therefore, one should exercise caution in revoking the EE cert included in a ROA (which causes the ROA to become invalid). It is RECOMMENDED that one issue a new ROA for a prefix prior to revoking an old ROA for the prefix to ensure that no interruption of routing to that prefix occurs.”

5 SIDR Architecture
- Finished working group last call following IETF 76
- Numerous editorial improvements and minor bug fixes suggested
  - E.g., RSYNC bug, cite to rescerts-provisioning, fix to repository access protocol text, etc.
- One issue related to origination validation and partial deployment that requires additional discussion

6 SIDR Architecture: Open Issue
- Currently, the architecture document describes the RPKI ecosystem (certificates, ROAs, manifests, etc.) at a high level, and describes what an address holder needs to do to participate in the RPKI.
- The document is silent on how a relying party actually uses RPKI data (e.g., for origin validation).
- Comments received during last call suggest that some would appreciate a discussion of the use of RPKI data (particularly, in a partial deployment scenario).
- The following slide outlines one possible approach to resolving this issue

7 SIDR Architecture: Strawman
- If there were working group consensus on the high-level approach currently specified in sidr-roa-validation
- Then the architecture document could have text:
  - Describing the incremental deployment scenario
  - Providing a high-level description of “valid”, “unknown” and “invalid” and providing a pointer to sidr-roa-validation
  - Emphasizing that the use of RPKI data in route selection is a matter of local policy (and referencing any drafts that provide appropriate mechanisms for implementing such policy)
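Added example, not from the slides or the drafts: a small Python model of why the “make before break” ordering from the strawman text matters to a relying party that sorts announcements into “valid”, “unknown” and “invalid”. It assumes the covering-prefix and maxLength matching rule later published as RFC 6811 (the slides only name the three outcomes); the prefixes, AS numbers, EE cert labels and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Roa(NamedTuple):
    prefix: str      # prefix the ROA authorizes
    max_length: int  # longest announcement length the ROA authorizes
    asn: int         # authorized origin AS
    ee_cert: str     # constructed label for the EE cert that signed the ROA

def classify(route_prefix, origin_asn, roas):
    """Return 'valid', 'invalid' or 'unknown' for one announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix)
        if route.version != net.version or not route.subnet_of(net):
            continue  # this ROA says nothing about the route
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none -> invalid; no ROA at all -> unknown.
    return "invalid" if covered else "unknown"

# Constructed sample data (documentation prefix and AS numbers).
ROUTE, ORIGIN = "2001:db8:a::/48", 64511
AGGREGATE = Roa("2001:db8::/32", 32, 64496, "ee-provider")  # covering ROA, other AS
OLD = Roa(ROUTE, 48, ORIGIN, "ee-old")
NEW = Roa(ROUTE, 48, ORIGIN, "ee-new")

MAKE_BEFORE_BREAK = ["issue-new", "revoke-old"]
BREAK_BEFORE_MAKE = ["revoke-old", "issue-new"]

def rollover_states(order, background):
    """Validation state of ROUTE before and after each step of a ROA replacement."""
    published = list(background) + [OLD]
    states = [classify(ROUTE, ORIGIN, published)]
    for step in order:
        if step == "issue-new":
            published.append(NEW)
        elif step == "revoke-old":
            # Revoking the EE cert invalidates the ROA, so it leaves the validated set.
            published.remove(OLD)
        states.append(classify(ROUTE, ORIGIN, published))
    return states

if __name__ == "__main__":
    for name, order in (("make-before-break", MAKE_BEFORE_BREAK),
                        ("break-before-make", BREAK_BEFORE_MAKE)):
        print(name, rollover_states(order, [AGGREGATE]))
```

In this model the gap between revoking and reissuing leaves the announcement “invalid” when another ROA covers the prefix and “unknown” when none does; what a router does with either state is the local-policy question slide 7 raises.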

Thank You