Archive for IETF

RFC 7128 – RPKI Router Implementation Report

RFC 7128

Title: Resource Public Key Infrastructure (RPKI) Router Implementation Report
Author: R. Bush, R. Austein, K. Patel, H. Gredler, M. Waehlisch
Status: Informational
Stream: IETF
Date: February 2014
Mailbox: randy@psg.com, sra@hactrn.net, keyupate@cisco.com, hannes@juniper.net, waehlisch@ieee.org
Pages: 11
Characters: 19348
Updates/Obsoletes/SeeAlso: None

I-D Tag: draft-ietf-sidr-rpki-rtr-impl-05.txt

URL: http://www.rfc-editor.org/rfc/rfc7128.txt

This document is an implementation report for the Resource Public Key Infrastructure (RPKI) Router protocol as defined in RFC 6810. The authors did not verify the accuracy of the information provided by respondents. The respondents are experts with the implementations they reported on, and their responses are considered authoritative for the implementations for which their responses represent. The respondents were asked to only use the “YES” answer if the feature had at least been tested in the lab.


RFC 7115 Origin Validation Operation Based on the RPKI

Title: Origin Validation Operation Based on the Resource Public Key Infrastructure (RPKI)
Author: R. Bush
Status: Best Current Practice
Stream: IETF
Date: January 2014
Mailbox: randy@psg.com
Pages: 11
Characters: 26033
See Also: BCP 185

I-D Tag: draft-ietf-sidr-origin-ops-23.txt

URL: http://www.rfc-editor.org/rfc/rfc7115.txt

Deployment of BGP origin validation that is based on the Resource
Public Key Infrastructure (RPKI) has many operational considerations.
This document attempts to collect and present those that are most
critical. It is expected to evolve as RPKI-based origin validation
continues to be deployed and the dynamics are better understood.


RFC 6945 – Definitions of Managed Objects for the Resource Public Key Infrastructure (RPKI) to Router Protocol

RFC 6945

Title: Definitions of Managed Objects for the Resource Public Key Infrastructure (RPKI) to Router Protocol
Author: R. Bush, B. Wijnen, K. Patel, M. Baer
Status: Standards Track
Stream: IETF
Date: May 2013
Mailbox: randy@psg.com, bertietf@bwijnen.net, keyupate@cisco.com, baerm@tislabs.com
Pages: 25
Characters: 52515
Updates/Obsoletes/SeeAlso: None

I-D Tag: draft-ietf-sidr-rpki-rtr-protocol-mib-07.txt

URL: http://www.rfc-editor.org/rfc/rfc6945.txt

This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet
community. In particular, it describes objects used for monitoring
the Resource Public Key Infrastructure (RPKI) to Router Protocol.


RFC 6811 BGP Prefix Origin Validation

RFC 6811

Title: BGP Prefix Origin Validation
Author: P. Mohapatra, J. Scudder, D. Ward, R. Bush, R. Austein
Status: Standards Track
Stream: IETF
Date: January 2013
Mailbox: pmohapat@cisco.com, jgs@juniper.net, dward@cisco.com, randy@psg.com, sra@hactrn.net
Pages: 10
Characters: 20082
Updates/Obsoletes/SeeAlso: None

I-D Tag: draft-ietf-sidr-pfx-validate-10.txt

URL: http://www.rfc-editor.org/rfc/rfc6811.txt

To help reduce well-known threats against BGP including prefix mis-
announcing and monkey-in-the-middle attacks, one of the security
requirements is the ability to validate the origination Autonomous
System (AS) of BGP routes. More specifically, one needs to validate
that the AS number claiming to originate an address prefix (as
derived from the AS_PATH attribute of the BGP route) is in fact
authorized by the prefix holder to do so. This document describes a
simple validation mechanism to partially satisfy this requirement.
[STANDARDS-TRACK]


RFC 6810 The Resource Public Key Infrastructure (RPKI) to Router Protocol

RFC 6810

Title: The Resource Public Key Infrastructure (RPKI) to Router Protocol
Author: R. Bush, R. Austein
Status: Standards Track
Stream: IETF
Date: January 2013
Mailbox: randy@psg.com, sra@hactrn.net
Pages: 27
Characters: 59714
Updates/Obsoletes/SeeAlso: None

I-D Tag: draft-ietf-sidr-rpki-rtr-26.txt

URL: http://www.rfc-editor.org/rfc/rfc6810.txt

In order to verifiably validate the origin Autonomous Systems of BGP
announcements, routers need a simple but reliable mechanism to
receive Resource Public Key Infrastructure (RFC 6480) prefix origin
data from a trusted cache. This document describes a protocol to
deliver validated prefix origin data to routers. [STANDARDS-TRACK]


RFC 6493

        Title:      The Resource Public Key Infrastructure 
                    (RPKI) Ghostbusters Record 
        Author:     R. Bush
        Status:     Standards Track
        Stream:     IETF
        Date:       February 2012
        Mailbox:    randy@psg.com
        Pages:      8
        Characters: 15491
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-sidr-ghostbusters-15.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6493.txt

In the Resource Public Key Infrastructure (RPKI), resource certificates completely obscure names or any other information that might be useful for contacting responsible parties to deal with issues of certificate expiration, maintenance, roll-overs, compromises, etc.  This document describes the RPKI Ghostbusters Record containing human contact information that may be verified (indirectly) by a Certification Authority (CA) certificate.  The data in the record are those of a severely profiled vCard.

