This document describes an architecture for an infrastructure to
support improved security of Internet routing. The foundation of this
architecture is a public key infrastructure (PKI) that represents the
allocation hierarchy of IP address space and Autonomous System (AS)
Numbers; and a distributed repository system for storing and
disseminating the data objects that comprise the PKI, as well as
other signed objects necessary for improved routing security. As an
initial application of this architecture, the document describes how
a legitimate holder of IP address space can explicitly and verifiably
authorize one or more ASes to originate routes to that address space.
Such verifiable authorizations could be used, for example, to more
securely construct BGP route filters.

Working Group Summary
This draft's first version came early in the working group history.
It has been presented many times and has gone through many versions
but the outline remains essentially the same, indicating consistency
in the working group thinking.

The document is well written and clear. It does not describe a protocol,
so there are no "implementations" per se. However, it serves as the
reference point for the other working group drafts, so the authors of
this draft and the authors of the other drafts have worked to ensure
that they remain mutually consistent.
Several implementations exist of the PKI expressed in this architecture.
Implementation experience has been reflected in changes in the

Sandra Murphy is the Document Shepherd for this document.
Stewart Bryant is the Responsible Area Director.