draft-ietf-sidr-lta-use-cases-03.txt vs. draft-ietf-sidr-lta-use-cases-04.txt

Network Working Group                                          R. Bush
Internet-Draft                                Internet Initiative Japan
Intended status: Informational
    -03: June 24, 2015
    -04: December 15, 2015
Expires:
    -03: December 26, 2015
    -04: June 17, 2016

RPKI Local Trust Anchor Use Cases
    -03: draft-ietf-sidr-lta-use-cases-03
    -04: draft-ietf-sidr-lta-use-cases-04

Abstract

There are a number of critical circumstances where a localized routing domain needs to augment or modify its view of the Global RPKI. This document attempts to outline a few of them.

Status of This Memo

This Internet-Draft is submitted in full conformance with the

skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

    -03: This Internet-Draft will expire on December 26, 2015.
    -04: This Internet-Draft will expire on June 17, 2016.

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents

skipping to change at page 2, line 25
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
9.1. Normative References . . . . . . . . . . . . . . . . . . 4
9.2. Informative References . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction

    -03: Today RPKI-based Origin Validation, [RFC6811], relies on widespread deployment of the Global Resource Public Key Infrastructure (RPKI), [RFC6480]. In the future, RPKI-based Path Validation, [I-D.lepinski-bgpsec-overview], will be even more reliant on the Global RPKI.
    -04: Today RPKI-based Origin Validation, [RFC6811], relies on widespread deployment of the Global Resource Public Key Infrastructure (RPKI), [RFC6480]. In the future, RPKI-based Path Validation, [I-D.ietf-sidr-bgpsec-overview], will be even more reliant on the Global RPKI.

But there are critical circumstances in which a local, clearly-scoped, administrative and/or routing domain will want to augment and/or modify its internal view of the Global RPKI.

This document attempts to lay out a few of those use cases. It is not intended to be authoritative, complete, or to become a standard. It merely tries to lay out a few critical examples to help frame the issues.

skipping to change at page 4, line 14
The goal is to modify, create, and/or replace ROAs and GhostBuster Records which are needed to present the localized view of the RPKI data.

One wants to reproduce only as much of the Global RPKI as needed. Replicating more than is needed would amplify tracking and maintenance.
    -03: One can not reissue down from the root trust anchor at the IANA or from the RIRs' certificates because one do not have the private keys required. So one has to create a new trust anchor which, for ease of use, will contain the new/modified certificates and ROAs as well as the unmodified remainder of the Global RPKI.
    -04: One can not reissue down from the root trust anchor at the IANA or from the RIRs' certificates because one does not have the private keys required. So one has to create a new trust anchor which, for ease of use, will contain the new/modified certificates and ROAs as well as the unmodified remainder of the Global RPKI.
Because Alice, Bob, and Carol want to be able to archive, reproduce, and send to other operators the data necessary to reproduce their modified view of the global RPKI, there will need to be a formally defined set of data which is input to a well-defined process to take an existing Global RPKI tree and produce the desired modified re-anchored tree.

It is possible that an operator may need to accept and process modification data from more than one source. Hence modification

skipping to change at page 4, line 43

within a constrained local context.

Authentication of modification 'recipes' will be needed.
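The re-anchoring process and the recipe authentication described above, as an added Python model that is not part of the draft: the sample tree, the recipe format, the HMAC-based authentication, and the names LOCAL-TA, IANA, RIR-A, ISP-1 and ROA-1a are constructed assumptions, and keys, signatures and object encodings are abstracted away so that only the "what must be re-issued versus what is carried over" question is modelled.

```python
"""Toy model of re-anchoring a Global RPKI tree under a local trust anchor from
an authenticated modification recipe. Added as illustration; not from the draft.
Keys, signatures and encodings are abstracted: the model tracks only which
certificates must be re-issued and which are carried over unchanged."""
import hashlib
import hmac
import json

# Constructed sample tree: issuer -> its subordinate CA certificates or ROAs.
GLOBAL_RPKI = {
    "IANA": ["RIR-A", "RIR-B"],
    "RIR-A": ["ISP-1", "ISP-2"],
    "RIR-B": ["ISP-3"],
    "ISP-1": ["ROA-1a", "ROA-1b"],
    "ISP-2": ["ROA-2a"],
    "ISP-3": ["ROA-3a"],
}

def issuer_of(tree, node):  # issuer of `node`, or None for the global root
    return next((i for i, subs in tree.items() if node in subs), None)

def sign_recipe(recipe, key):
    """Canonical JSON plus HMAC-SHA256 tag; a shared-key MAC stands in for
    whatever signature scheme a deployment would use (assumption)."""
    body = json.dumps(recipe, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def authenticate_recipe(body, tag, key):
    """Recipes may come from several sources: reject any whose tag fails."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(expected, tag) else None

def reanchor(tree, recipe, local_ta="LOCAL-TA"):
    """Apply `recipe`; return (new_tree, reissued). `reissued` is every CA from
    a modified issuer up to the global root: their issuers' private keys are
    unavailable, so the local TA re-issues them. All else is carried over."""
    new = {issuer: list(subs) for issuer, subs in tree.items()}
    reissued = set()
    for act in recipe["actions"]:
        issuer, obj = act["issuer"], act["object"]
        if issuer not in tree:
            raise ValueError(f"unknown issuer {issuer}")
        if act["op"] == "add" and obj not in new[issuer]:
            new[issuer].append(obj)
        elif act["op"] == "remove" and obj in new[issuer]:
            new[issuer].remove(obj)
        node = issuer
        while node is not None:  # walk the issuance path up to the root
            reissued.add(node)
            node = issuer_of(tree, node)
    new[local_ta] = [n for n in tree if issuer_of(tree, n) is None]
    return new, reissued
```

Running a recipe that adds one ROA under ISP-1 and removes one under ISP-3 re-issues only the two issuance paths (ISP-1, RIR-A, ISP-3, RIR-B and the former root IANA) while ISP-2 and its ROAs are carried over untouched, which is the "only as much as needed" property the draft asks for.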
7. IANA Considerations

This document has no IANA Considerations.

8. Acknowledgments

    -03: The author wishes to thank Rob Austein, Steve Kent, and Karen Seo.
    -04: The author thanks Chris Morrow, Karen Seo, Rob Austein, and Steve Kent for comments and suggestions.
9. References

9.1. Normative References

[RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support Secure Internet Routing", RFC 6480, February 2012.

[RFC6481] Huston, G., Loomans, R., and G. Michaelson, "A Profile for Resource Certificate Repository Structure", RFC 6481,

skipping to change at page 5, line 21
[RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI) Ghostbusters Record", RFC 6493, February 2012.

[RFC6811] Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. Austein, "BGP Prefix Origin Validation", RFC 6811, January 2013.

9.2. Informative References
    -03: [I-D.lepinski-bgpsec-overview] Lepinski, M. and S. Turner, "An Overview of BGPSEC", draft-lepinski-bgpsec-overview-00 (work in progress), March 2011.
    -04: [I-D.ietf-sidr-bgpsec-overview] Lepinski, M. and S. Turner, "An Overview of BGPSEC", draft-ietf-sidr-bgpsec-overview-02 (work in progress), May 2012.

[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, February 1996.
Author's Address

Randy Bush
Internet Initiative Japan
5147 Crystal Springs

End of changes. 8 change blocks. 13 lines changed or deleted, 14 lines changed or added.

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/