Hi,

As discussed in the meeting, it might make sense to scope the
architecture document in such a manner that the document doesn't need
to be in progress while the more specific secure routing work goes on.

I believe this recasting needs to start from the basics (preferably
from the draft name, but changing that probably isn't worth it),
because the current Title and Abstract can be read to describe secure
internet routing infrastructure, which it doesn't really do in the
wider interpretation.

Replace title:

   An Infrastructure to Support Secure Internet Routing

with e.g.:

   A Public Key Infrastructure to Describe Route Origination
   Authorizations

I don't see a need to have Secure Internet Routing in the title at
all; it is prone to mislead the user.

Similar recasting should be applied in Abstract and Introduction, e.g.
with Abstract:

   Abstract

   This document describes an architecture for an infrastructure to
   support secure Internet routing. The foundation of this architecture
   is a public key infrastructure (PKI) that represents the allocation
   hierarchy of IP address space and Autonomous System Numbers;
   certificates from this PKI are used to verify signed objects that
   authorize autonomous systems to originate routes for specified IP
   address prefixes. The data objects that comprise the PKI, as well as
   other signed objects necessary for secure routing, are stored and
   disseminated through a distributed repository system. This document
   also describes at a high level how this architecture can be used to
   add security features to common operations such as IP address space
   allocation and route filter construction.

Replace with (also summarizing it a bit):

   This document describes a public key infrastructure (PKI), the
   certificates of which could be used to verify signed objects that
   authorize autonomous systems to originate routes for specified IP
   address prefixes. These and supporting data objects can be stored and
   disseminated through a distributed repository system.

Possibly also keep the last sentence, but this is a bit of a can of
worms because these mechanisms have already been described as
incomplete (and to avoid this can of worms, some text in sections 7.2
and 7.3 could possibly be removed or reworded):

   This document also describes at a high level how this architecture
   can be used to add security features to common operations such as
   IP address space allocation and route filter construction.

--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings