draft-ietf-sidr-rpki-rtr-02.txt   draft-ietf-sidr-rpki-rtr-03.txt 
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft IIJ Internet-Draft IIJ
Intended status: Standards Track R. Austein Intended status: Standards Track R. Austein
Expires: March 2, 2011 ISC Expires: May 23, 2011 ISC
August 29, 2010 November 19, 2010
The RPKI/Router Protocol The RPKI/Router Protocol
draft-ietf-sidr-rpki-rtr-02 draft-ietf-sidr-rpki-rtr-03
Abstract Abstract
In order to formally validate the origin ASes of BGP announcements, In order to formally validate the origin ASes of BGP announcements,
routers need a simple but reliable mechanism to receive RPKI routers need a simple but reliable mechanism to receive RPKI
[I-D.ietf-sidr-arch] or analogous prefix origin data from a trusted [I-D.ietf-sidr-arch] or analogous prefix origin data from a trusted
cache. This document describes a protocol to deliver validated cache. This document describes a protocol to deliver validated
prefix origin data to routers over ssh. prefix origin data to routers over ssh.
Requirements Language Requirements Language
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 2, 2011. This Internet-Draft will expire on May 23, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 10, line 44 skipping to change at page 10, line 44
4.10. Fields of a PDU 4.10. Fields of a PDU
PDUs contain the following data elements: PDUs contain the following data elements:
Protocol Version: An ordinal, currently 0, denoting the version of Protocol Version: An ordinal, currently 0, denoting the version of
this protocol. this protocol.
Serial Number: The serial number of the RPKI Cache when this ROA was Serial Number: The serial number of the RPKI Cache when this ROA was
received from the cache's up-stream cache server or gathered from received from the cache's up-stream cache server or gathered from
the global RPKI. A cache increments its serial number when the global RPKI. A cache increments its serial number when
completing an rcynic from a parent cache. See [RFC1982] on DNS completing an rigorously validated update from a parent cache, for
Serial Number Arithmetic for too much detail on serial number example via rcynic. See [RFC1982] on DNS Serial Number Arithmetic
arithmetic. for too much detail on serial number arithmetic.
Length: A 32 bit ordinal which has as its value the count of the Length: A 32 bit ordinal which has as its value the count of the
bytes in the entire PDU, including the eight bytes of header which bytes in the entire PDU, including the eight bytes of header which
end with the length field. end with the length field.
Flags: The lowest order bit of the Flags field is 1 for an Flags: The lowest order bit of the Flags field is 1 for an
announcement and 0 for a withdrawal, whether this PDU announces a announcement and 0 for a withdrawal, whether this PDU announces a
new right to announce the prefix or withdraws a previously new right to announce the prefix or withdraws a previously
announced right. A withdraw effectively deletes one previously announced right. A withdraw effectively deletes one previously
announced IPvX Prefix PDU with the exact same Prefix, Length, Max- announced IPvX Prefix PDU with the exact same Prefix, Length, Max-
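Review bot: the new wording "completing a rigorously validated update from a parent cache, for example via rcynic" no longer matches the Serial Number definition in the terminology section, which says the cache increments "when it successfully updates its data from a parent cache or from primary RPKI data"; define the increment condition once and have the other place refer to it, otherwise an implementer has two slightly different triggers for the same counter. In the same entry, "The serial number of the RPKI Cache when this ROA was received" is imprecise, since the PDUs described here carry IPvX Prefix records derived from ROAs rather than ROAs themselves; "when this prefix record was received" would be accurate. Finally, "See [RFC1982] ... for too much detail" is informal for a normative reference: RFC 1982 comparison is what a router has to use to decide whether a cache's serial is newer than its own across the wrap from 2^32-1 to 0, so state plainly that serial comparison MUST follow RFC 1982.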
skipping to change at page 18, line 30 skipping to change at page 18, line 30
The following terms are used with special meaning: The following terms are used with special meaning:
Global RPKI: The authoritative data of the RPKI are published in a Global RPKI: The authoritative data of the RPKI are published in a
distributed set of servers at the IANA, RIRs, NIRs, and ISPs, see distributed set of servers at the IANA, RIRs, NIRs, and ISPs, see
[I-D.ietf-sidr-repos-struct]. [I-D.ietf-sidr-repos-struct].
Non-authorative Cache: A coalesced copy of the RPKI which is Non-authorative Cache: A coalesced copy of the RPKI which is
periodically fetched/refreshed directly or indirectly from the periodically fetched/refreshed directly or indirectly from the
global RPKI using the [RFC5781] protocol/tools global RPKI using the [RFC5781] protocol/tools
Cache: The rcynic system is used to gather the distributed data of Cache: Relying party update sofcware such as rcynic is used to
the RPKI into a validated cache. Trusting this cache further is a gather and validate the distributed data of the RPKI into a cache.
matter between the provider of the cache and a relying party. Trusting this cache further is a matter between the provider of
the cache and a relying party.
Serial Number: A 32-bit monotonically increasing ordinal which wraps Serial Number: A 32-bit monotonically increasing ordinal which wraps
from 2^32-1 to 0. It denotes the logical version of a cache. A from 2^32-1 to 0. It denotes the logical version of a cache. A
cache increments the value by one when it successfully updates its cache increments the value by one when it successfully updates its
data from a parent cache or from primary RPKI data. As a cache is data from a parent cache or from primary RPKI data. As a cache is
rcynicing, new incoming data, and implicit deletes, are marked receiving, new incoming data, and implicit deletes, are marked
with the new serial but MUST not be sent until the fetch is with the new serial but MUST not be sent until the fetch is
complete. A serial number is not commensurate between caches, nor complete. A serial number is not commensurate between caches, nor
need it be maintained across resets of the cache server. See need it be maintained across resets of the cache server. See
[RFC1982] on DNS Serial Number Arithmetic for too much detail on [RFC1982] on DNS Serial Number Arithmetic for too much detail on
serial number arithmetic. serial number arithmetic.
12. IANA Considerations 12. IANA Considerations
This document requests the IANA to create a registry for PDU types. This document requests the IANA to create a registry for PDU types.
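Review bot: typo in the new Cache definition, "sofcware" should be "software". Replacing "rcynicing" with "receiving" in the Serial Number entry changes the sense: "As a cache is receiving, new incoming data, and implicit deletes, are marked with the new serial" now leaves unclear what is being received; "As a cache is updating from its parent cache or from the global RPKI" keeps the original meaning without the tool name. In that same sentence "MUST not" should be "MUST NOT" to match the RFC 2119 usage declared in the Requirements Language section. "Non-authorative" is misspelled on both sides ("Non-authoritative"), and that entry says the cache is refreshed "using the [RFC5781] protocol/tools", but RFC 5781 defines only the rsync URI scheme, not a transfer protocol; refer to rsync itself for the fetch and keep [RFC5781] for the URI form.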
skipping to change at page 19, line 25 skipping to change at page 19, line 25
Scudder, Ruediger Volk, and David Ward. Particular thanks go to Scudder, Ruediger Volk, and David Ward. Particular thanks go to
Hannes Gredler for showing us the dangers of unnecessary fields. Hannes Gredler for showing us the dangers of unnecessary fields.
14. References 14. References
14.1. Normative References 14.1. Normative References
[I-D.ietf-sidr-roa-validation] [I-D.ietf-sidr-roa-validation]
Huston, G. and G. Michaelson, "Validation of Route Huston, G. and G. Michaelson, "Validation of Route
Origination using the Resource Certificate PKI and ROAs", Origination using the Resource Certificate PKI and ROAs",
draft-ietf-sidr-roa-validation-06 (work in progress), draft-ietf-sidr-roa-validation-10 (work in progress),
May 2010. November 2010.
[RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
August 1996. August 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4252] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) [RFC4252] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
Authentication Protocol", RFC 4252, January 2006. Authentication Protocol", RFC 4252, January 2006.
[RFC5781] Weiler, S., Ward, D., and R. Housley, "The rsync URI [RFC5781] Weiler, S., Ward, D., and R. Housley, "The rsync URI
Scheme", RFC 5781, February 2010. Scheme", RFC 5781, February 2010.
14.2. Informative References 14.2. Informative References
[I-D.ietf-sidr-arch] [I-D.ietf-sidr-arch]
Lepinski, M. and S. Kent, "An Infrastructure to Support Lepinski, M. and S. Kent, "An Infrastructure to Support
Secure Internet Routing", draft-ietf-sidr-arch-09 (work in Secure Internet Routing", draft-ietf-sidr-arch-11 (work in
progress), October 2009. progress), September 2010.
[I-D.ietf-sidr-repos-struct] [I-D.ietf-sidr-repos-struct]
Huston, G., Loomans, R., and G. Michaelson, "A Profile for Huston, G., Loomans, R., and G. Michaelson, "A Profile for
Resource Certificate Repository Structure", Resource Certificate Repository Structure",
draft-ietf-sidr-repos-struct-04 (work in progress), draft-ietf-sidr-repos-struct-06 (work in progress),
May 2010. November 2010.
[RFC1996] Vixie, P., "A Mechanism for Prompt Notification of Zone [RFC1996] Vixie, P., "A Mechanism for Prompt Notification of Zone
Changes (DNS NOTIFY)", RFC 1996, August 1996. Changes (DNS NOTIFY)", RFC 1996, August 1996.
Authors' Addresses Authors' Addresses
Randy Bush Randy Bush
Internet Initiative Japan, Inc. Internet Initiative Japan, Inc.
5147 Crystal Springs 5147 Crystal Springs
Bainbridge Island, Washington 98110 Bainbridge Island, Washington 98110
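Review bot: [RFC5781] sits in Normative References but is only cited in the terminology section as the "protocol/tools" used to refresh a non-authoritative cache, and it defines the rsync URI scheme rather than a protocol; either cite it where rsync URIs actually appear in the protocol or move it to Informative References. The remaining changes in this block are version bumps of the cited drafts (roa-validation -06 to -10, sidr-arch -09 to -11, repos-struct -04 to -06) with matching dates.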
 End of changes. 9 change blocks. 
17 lines changed or deleted 18 lines changed or added