On 11/9/2010 2:00 PM, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : A Profile for Route Origin Authorizations (ROAs)
Author(s) : M. Lepinski, et al.
Filename : draft-ietf-sidr-roa-format-09.txt
Pages : 9
Date : 2010-11-08
This document defines a standard profile for Route Origin
Authorizations (ROAs). A ROA is a digitally signed object that
provides a means of verifying that an IP address block holder has
authorized an Autonomous System (AS) to originate routes to that one
or more prefixes within the address block.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sidr-roa-format-09.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
As long as the two get addressed before IETF LC, I think that this
document is ready to progress out of the WG. The third is editorial and
left to the discretion of the authors.
#1: Need an ASN.1 module like the sidr-manifest draft.
#2: Refer to 6019 vice 4049. 6019 obsoleted 4049.
#3: (editorial)
OLD:
The right of the ROA signer to authorize the target AS to originate
routes to the prefix(es) is established through use of the address space
and AS number PKI described in [ARCH]. Specifically one MUST verify the
signature on the ROA using an X.509 certificate issued under this PKI,
and check that the prefix(es) in the ROA match those in the address
space extension in the certificate.
NEW:
The right of the ROA signer to authorize the target AS to originate
routes to the prefix(es) is established through use of the address space
and AS number in RPKI certificates as described in [ARCH]. Specifically
one MUST verify the signature on the ROA using an RPKI certificate, and
check that the prefix(es) in the ROA match those in the address space
extension in the certificate.
spt
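
The prefix check named in the NEW text above, as an added example that is not part of the original message or of the draft. It assumes "match" means every ROA prefix is covered by the address resources in the certificate, leaves out signature verification, and uses hypothetical function names and constructed sample data.

```python
import ipaddress

# Constructed sample data (documentation address space), not from a real certificate.
CERT_RESOURCES = ["192.0.2.0/25", "192.0.2.128/25",
                  "198.51.100.0-198.51.100.255", "2001:db8::/32"]

def cert_resources(entries):
    """Normalise certificate address resources to collapsed networks per IP version.

    Entries are prefixes or "low-high" ranges (a hypothetical text form of the
    contents of the certificate's address space extension).
    """
    by_version = {4: [], 6: []}
    for entry in entries:
        if "-" in entry:
            low, high = (ipaddress.ip_address(p.strip()) for p in entry.split("-"))
            nets = ipaddress.summarize_address_range(low, high)
        else:
            nets = [ipaddress.ip_network(entry)]
        for net in nets:
            by_version[net.version].append(net)
    # Collapsing merges adjacent blocks, so a ROA prefix spanning two
    # neighbouring certificate entries is still recognised as covered.
    return {v: list(ipaddress.collapse_addresses(n)) for v, n in by_version.items()}

def roa_prefixes_uncovered(roa_prefixes, cert_entries):
    """Return the ROA prefixes NOT covered by the certificate; [] means the check passes."""
    resources = cert_resources(cert_entries)
    uncovered = []
    for text in roa_prefixes:
        prefix = ipaddress.ip_network(text)  # ValueError if host bits are set
        # Compare only within one address family; subnet_of() raises on a mix.
        if not any(prefix.subnet_of(r) for r in resources[prefix.version]):
            uncovered.append(text)
    return uncovered

if __name__ == "__main__":
    print(roa_prefixes_uncovered(
        ["192.0.2.0/24", "198.51.100.64/26", "2001:db8:1::/48"], CERT_RESOURCES))
    print(roa_prefixes_uncovered(["203.0.113.0/24", "192.0.2.0/23"], CERT_RESOURCES))
```
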