[Sidr] Architecture document: narrowing the scope

Pekka Savola <pekkas@netcore.fi> Mon, 10 March 2008 23:03 UTC

Return-Path: <sidr-bounces@ietf.org>
X-Original-To: ietfarch-sidr-archive@core3.amsl.com
Delivered-To: ietfarch-sidr-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9567E3A6AAD; Mon, 10 Mar 2008 16:03:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.746
X-Spam-Level:
X-Spam-Status: No, score=-100.746 tagged_above=-999 required=5 tests=[AWL=-0.309, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iaAM7IjslaZg; Mon, 10 Mar 2008 16:03:30 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 876F93A6A81; Mon, 10 Mar 2008 16:03:27 -0700 (PDT)
X-Original-To: sidr@core3.amsl.com
Delivered-To: sidr@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A05043A6AAD for <sidr@core3.amsl.com>; Mon, 10 Mar 2008 16:03:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D2QCoR6bBOkt for <sidr@core3.amsl.com>; Mon, 10 Mar 2008 16:03:19 -0700 (PDT)
Received: from netcore.fi (eunet-gw.ipv6.netcore.fi [IPv6:2001:670:86:3001::1]) by core3.amsl.com (Postfix) with ESMTP id 744843A6CDB for <sidr@ietf.org>; Mon, 10 Mar 2008 16:02:05 -0700 (PDT)
Received: from netcore.fi (localhost [127.0.0.1]) by netcore.fi (8.13.8/8.13.8) with ESMTP id m2AMxgqs027233 for <sidr@ietf.org>; Tue, 11 Mar 2008 00:59:42 +0200
Received: from localhost (pekkas@localhost) by netcore.fi (8.13.8/8.13.8/Submit) with ESMTP id m2AMxghp027230 for <sidr@ietf.org>; Tue, 11 Mar 2008 00:59:42 +0200
Date: Tue, 11 Mar 2008 00:59:41 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: sidr@ietf.org
Message-ID: <alpine.LRH.1.00.0803110039560.26663@netcore.fi>
User-Agent: Alpine 1.00 (LRH 882 2007-12-20)
MIME-Version: 1.0
X-Virus-Scanned: ClamAV 0.92.1/6188/Sun Mar 9 21:28:13 2008 on otso.netcore.fi
X-Virus-Status: Clean
Subject: [Sidr] Architecture document: narrowing the scope
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org

Hi,

As discussed in the meeting, it might make sense to scope the 
architecture document in such a manner that the document doesn't need 
to be in progress while the more specific secure routing work goes on.

I believe this recasting needs to start from the basics (preferably 
from the draft name but changing that isn't probably worth it), 
because the current Title and Abstract can be read to describe secure 
internet routing infrastructure, which it doesn't really do in the 
wider interpretation.

Replace title:

   An Infrastructure to Support Secure Internet Routing

with e.g.:

   A Public Key Infrastructure to Describe Route Origination
   Authorizations

I don't see a need to have Secure Internet Routing in the title at 
all; it is prone to mislead the user.

Similar recasting should be applied in Abstract and Introduction, e.g. 
with Abstract:

Abstract

    This document describes an architecture for an infrastructure to
    support secure Internet routing. The foundation of this architecture
    is a public key infrastructure (PKI) that represents the allocation
    hierarchy of IP address space and Autonomous System Numbers;
    certificates from this PKI are used to verify signed objects that
    authorize autonomous systems to originate routes for specified IP
    address prefixes. The data objects that comprise the PKI, as well as
    other signed objects necessary for secure routing, are stored and
    disseminated through a distributed repository system. This document
    also describes at a high level how this architecture can be used to
    add security features to common operations such as IP address space
    allocation and route filter construction.

Replace with (also summarizing it a bit):

    This document describes a public key infrastructure (PKI), the
    certificates of which could be used to verify signed objects that
    authorize autonomous systems to originate routes for specified IP
    address prefixes.  These and supporting data objects can be stored and
    disseminated through a distributed repository system.

Possibly also keep the last sentence, but this is a bit of can of 
worms because these mechanisms have already been described as 
incomplete (and to avoid this can of worms, some text in section 7.2 
and 7.3 could possibly be removed or reworded):

                                                         This document
    also describes at a high level how this architecture can be used to
    add security features to common operations such as IP address space
    allocation and route filter construction.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
Sidr mailing list
Sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr