Randy et al.,
In hopes of restarting work on this draft, here is proposed text for
section 4. This is an attempt to integrate the original text with the
comments to the list submitted back in Feb 2014. My apologies if I've
mis-understood the original draft text or the comments. Does this
correctly and clearly describe the use cases?
4. Use Cases
Case 1:
Organization C finds that its CA certificate has been revoked (or
modified to remove resources) by the RIR (or ISP) that issued it.
Or, if C has outsourced its CA operations, C finds that one of its
children's certificates has been revoked (or modified to remove
resources). C disagrees with this action and would like relying
parties to be able to ignore, at their discretion, the certificate
revocation (or modification). The revocation or modification could be:
* unintentional, i.e., due to an error by RIR (or ISP) staff
* malicious, i.e., done with the intent to cause problems,
which could be aimed at C or some other entity.
* mandated by a law enforcement agency in the jurisdiction
where the RIR (or ISP) operates
For example, Carol, a RIPE resource holder (LIR, PI holder, ...), is
a victim of the "Dutch Court Attack." Someone has convinced a Dutch
court to force the RIPE/NCC to remove or modify some or all of
Carol's certificates, ROAs, etc. or the resources they represent.
However, the operational community wants to retain the ability to
route to Carol's network(s).
Case 2:
Organization B makes use of private address space (RFC 1918) or
address space allocated to another party but not globally announced
by that party or by B. B wants its routers to be able to use RPKI
data for both internal routing to these addresses and for global
routing.
Case 3:
Organization A is authorized to control the routing of traffic from
a set of organizations (within A's administrative control) to the
rest of the Internet. A wants traffic from these organizations that
is destined for a set of prefixes outside of A's administrative
control to be routed to other addresses, or to be dropped. A
accomplishes this by controlling the UPDATEs sent to those
organizations. Because these organizations use the RPKI, A needs a
way to coordinate their use of the RPKI in support of A’s traffic
management goals.
For example, Alice runs the network operations for a large
consortium X. Her management requests that traffic (from X's
members) that is destined for a competitor's site, be re-directed to
a site approved by X. To do this, Alice has to ensure that the RPKI
has the appropriate certificates, ROAs, etc. for those approved
addresses as well as for the rest of the Internet.
Thank you,
Karen
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr