We have posted draft-atwood-rtgwg-secure-rtg, and requested a slot to
present it in Hawaii.  We solicit comments from the working group.

We consider routing from the perspective of four layers:
1 Routing Protocol           (exchange of routing packets)
2 Keys and Security Protocol (how to provide authentication
                             and integrity)
3 Key and Security Association Management
                             (how to negotiate the keys that
                             will be used)
4 Configuration Management   (how to push the parameters for
                             Layer 3 onto the router)

Many routing protocols are defined (layer 1).
Many routing protocols have a security option defined in their
specification (layer 2).
Some key negotiation protocols have been proposed, but no method for
conveniently managing them has been put forth (layer 3).
No work has been done (to our knowledge) specifically on configuring
security for routing protocols (general configuration approaches clearly
exist) (layer 4).

We use the Crypto-Key-Table (CKT) defined in RFC 7210.  We define two
additional databases, the Router Security Parameter Database (RSPD) and
the Router Peer Authorization Database (RPAD).  Together these form the
Routing Protocol Security (RPsec) framework.

We have defined YANG modules to correspond to the contents of the CKT,
the RSPD and the RPAD.  Version -00 of the draft contains most of the
motivation.  Version -01 will contain details of the proposed RSPD and
RPAD contents, along with the YANG models.

We believe that this will enable no-hands-on (after initial
configuration) routing protocol security, with configurable key hygiene.

Comments from the community will be most welcome.

Bill Atwood
Nitin Prajapati



-------- Original Message --------
Subject: New Version Notification for draft-atwood-rtgwg-secure-rtg-00.txt
Date: Mon, 27 Oct 2014 15:52:11 -0700
From: <[email protected]>
To: William Atwood <[email protected]>, Nitin Prajapati
<[email protected]>, "J. William Atwood"
<[email protected]>, Nitin Prajapati <[email protected]>


A new version of I-D, draft-atwood-rtgwg-secure-rtg-00.txt
has been successfully submitted by William Atwood and posted to the
IETF repository.

Name:           draft-atwood-rtgwg-secure-rtg
Revision:       00
Title:          A Framework for Secure Routing Protocols
Document date:  2014-10-27
Group:          Individual Submission
Pages:          9
URL:
http://www.ietf.org/internet-drafts/draft-atwood-rtgwg-secure-rtg-00.txt
Status:
https://datatracker.ietf.org/doc/draft-atwood-rtgwg-secure-rtg/
Htmlized:       http://tools.ietf.org/html/draft-atwood-rtgwg-secure-rtg-00


Abstract:
   When tightening the security of the core routing infrastructure, two
   steps are necessary.  The first is to secure the routing protocols'
   packets on the wire.  The second is to ensure that the keying
   material for the routing protocol exchanges is distributed only to
   the appropriate routers.  This document specifies a way of organizing
   the security parameters and a method for conveniently controlling
   those parameters using YANG and NETCONF.





Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat



_______________________________________________
rtgwg mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/rtgwg
