Network Working Group C. Alaettinoglu
Request for Comments: 2754 USC/ISI
Category: Informational C. Villamizar
Avici Systems
R. Govindan
USC/ISI
January 2000
Network Working Group C. Alaettinoglu
Request for Comments: 2754 USC/ISI
Category: Informational C. Villamizar
Avici Systems
R. Govindan
USC/ISI
January 2000
RPS IANA Issues
RPS IANA问题
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
Abstract
摘要
RPS Security [2] requires certain RPSL [1] objects in the IRR to be hierarchically delegated. The set of objects that are at the root of this hierarchy needs to be created and digitally signed by IANA. This paper presents these seed objects and lists operations required from IANA.
RPS安全[2]要求IRR中的某些RPSL[1]对象按层次进行委派。此层次结构的根对象集需要由IANA创建和数字签名。本文介绍了这些种子对象,并列出了IANA所需的操作。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不得”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119中的说明进行解释。
1 Initial Seed
1初始种子
A public key of IANA needs to be distributed with the software implementations of Distributed Routing Policy System [3]. An initial set of seed objects are needed to be signed with this key. The following transaction (the transaction format is defined in [3]) contains these objects and is signed by this key:
IANA的公钥需要与分布式路由策略系统的软件实现一起分发[3]。需要使用此密钥对初始种子对象集进行签名。以下事务(事务格式在[3]中定义)包含这些对象,并由该键签名:
mntner: mnt-iana
descr: iana's maintainer
admin-c: JKR1
tech-c: JKR1
upd-to: JKRey@ISI.EDU
mnt-nfy: JKRey@ISI.EDU
auth: pgpkey-7F6AA1B9
mnt-by: mnt-iana
referral-by: mnt-iana
source: IANA
mntner: mnt-iana
descr: iana's maintainer
admin-c: JKR1
tech-c: JKR1
upd-to: JKRey@ISI.EDU
mnt-nfy: JKRey@ISI.EDU
auth: pgpkey-7F6AA1B9
mnt-by: mnt-iana
referral-by: mnt-iana
source: IANA
key-cert: pgpkey-7F6AA1B9
method: pgp
owner: iana-root (est. Nov 98) <iana@iana.org>
fingerpr: 71 09 2E 37 71 B8 0A 9C 3B 28 98 B4 F1 21 13 BB
certif: # this is the real IANA key
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: 2.6.2
+
+ mQCNAzZJ52sAAAEEAJ//C01YnlaGuXyrC16V7FphkRvBmcNU22TPOzrKnKjnWjH5
+ sJ5UQnGOpyhDc796gqBjY+lTLvPB9sFGJPWgxfNk2JQaxxLTD+tfqSsiURc/srpp
+ XohFAVR/fez8MOecISwvNpFh5VADuFuoNi7ZLuOwVTC4tM5RU0NJa8l/aqG5AAUR
+ tCdpYW5hLXJvb3QgKGVzdC4gTm92IDk4KSA8aWFuYUBpYW5hLm9yZz4=
+ =sF4q
+ -----END PGP PUBLIC KEY BLOCK-----
mnt-by: mnt-iana
source: IANA
key-cert: pgpkey-7F6AA1B9
method: pgp
owner: iana-root (est. Nov 98) <iana@iana.org>
fingerpr: 71 09 2E 37 71 B8 0A 9C 3B 28 98 B4 F1 21 13 BB
certif: # this is the real IANA key
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: 2.6.2
+
+ mQCNAzZJ52sAAAEEAJ//C01YnlaGuXyrC16V7FphkRvBmcNU22TPOzrKnKjnWjH5
+ sJ5UQnGOpyhDc796gqBjY+lTLvPB9sFGJPWgxfNk2JQaxxLTD+tfqSsiURc/srpp
+ XohFAVR/fez8MOecISwvNpFh5VADuFuoNi7ZLuOwVTC4tM5RU0NJa8l/aqG5AAUR
+ tCdpYW5hLXJvb3QgKGVzdC4gTm92IDk4KSA8aWFuYUBpYW5hLm9yZz4=
+ =sF4q
+ -----END PGP PUBLIC KEY BLOCK-----
mnt-by: mnt-iana
source: IANA
repository: IANA
repository-cert: PGPKEY-88BAC849
query-address: http://www.iana.org
response-auth-type: none
submit-address: http://www.iana.org
submit-auth-type: none
expire: 0000 04:00:00
heartbeat-interval: 0000 01:00:00
admin-c: JKR1
tech-c: JKR1
mnt-by: mnt-iana
source: IANA
repository: IANA
repository-cert: PGPKEY-88BAC849
query-address: http://www.iana.org
response-auth-type: none
submit-address: http://www.iana.org
submit-auth-type: none
expire: 0000 04:00:00
heartbeat-interval: 0000 01:00:00
admin-c: JKR1
tech-c: JKR1
mnt-by: mnt-iana
source: IANA
as-block: AS0 - AS65535 descr: as number space country: us admin-c: JKR1 tech-c: JKR1 status: UNALLOCATED source: IANA mnt-by: mnt-iana mnt-lower: mnt-iana
as块:AS0-AS65535描述:as编号空间国家/地区:美国管理员-c:JKR1技术-c:JKR1状态:未分配来源:IANA mnt by:mnt IANA mnt lower:mnt IANA
inetnum: 0.0.0.0 - 255.255.255.255 netname: Internet descr: ip number space country: us admin-c: JKR1 tech-c: JKR1 status: UNALLOCATED source: IANA mnt-by: mnt-iana mnt-lower: mnt-iana
inetnum:0.0.0.0-255.255.255网络名称:Internet描述:ip号码空间国家/地区:美国管理员-c:JKR1技术-c:JKR1状态:未分配来源:IANA mnt作者:mnt IANA mnt下限:mnt IANA
timestamp: 19991001 01:00:00 +00:00
timestamp: 19991001 01:00:00 +00:00
signature:
+ -----BEGIN PGP SIGNATURE-----
+ Version: 2.6.2
+
+ iQCVAwUBOAd3YENJa8l/aqG5AQFVdAP9Ho2TSLGXiDi6v1McsKY4obO32EtP44Jv
+ tpNWiRRz47WIpMBmzUrQajBDNNXzwq9r9mGC75Pg0MMwTDfvA47o6mnIGdT9XyZz
+ s9HlDGOqhklIjHOxXFDrBiz3u7eWEf3vmDCXt6UYg9lUtRKefkWtR5wD1Q1zDMSc
+ 7Ya7PE6X8SU=
+ =sAft
+ -----END PGP SIGNATURE-----
signature:
+ -----BEGIN PGP SIGNATURE-----
+ Version: 2.6.2
+
+ iQCVAwUBOAd3YENJa8l/aqG5AQFVdAP9Ho2TSLGXiDi6v1McsKY4obO32EtP44Jv
+ tpNWiRRz47WIpMBmzUrQajBDNNXzwq9r9mGC75Pg0MMwTDfvA47o6mnIGdT9XyZz
+ s9HlDGOqhklIjHOxXFDrBiz3u7eWEf3vmDCXt6UYg9lUtRKefkWtR5wD1Q1zDMSc
+ 7Ya7PE6X8SU=
+ =sAft
+ -----END PGP SIGNATURE-----
The above text has no extra white space characters at the end of each line, and contains no tab characters. All blank line sequences contain only a single blank line. The page break in the text is also a single blank line.
上面的文本在每行末尾没有额外的空格字符,并且不包含制表符。所有空行序列仅包含一个空行。文本中的分页符也是一个空行。
In this case, we assumed that IANA runs its own repository. However this is not a requirement. Instead, it may publish this transaction with an existing routing registry.
在本例中,我们假设IANA运行自己的存储库。然而,这不是一项要求。相反,它可以使用现有路由注册表发布此事务。
2 IANA Assignments
2 IANA作业
Each time IANA makes an assignment, it needs to create inetnum and as-block objects as appropriate and digitally sign them using the key in its key-cert object. For example:
每次IANA进行分配时,它都需要创建inetnum和as块对象(视情况而定),并使用其密钥证书对象中的密钥对它们进行数字签名。例如:
as-block: AS0 - AS500 descr: arin's space country: us status: ALLOCATED source: iana delegated: arin mnt-by: mnt-iana
as块:AS0-AS500描述:arin的空间国家:美国状态:分配来源:iana委托:arin mnt由:mnt iana
inetnum: 128.0.0.0 - 128.255.255.255 netname: Internet portion descr: ip number space country: us status: ALLOCATED source: iana delegated: arin mnt-by: mnt-iana
inetnum:128.0.0.0-128.255.255.255网络名称:互联网部分描述:ip号码空间国家/地区:美国状态:分配来源:iana委托:arin mnt by:mnt iana
3 Creating Routing Repositories
3创建路由存储库
To enable a new routing repository, a repository object, a maintainer object and a key-cert object need to be created and digitally signed by IANA. For example:
要启用新的路由存储库,需要创建存储库对象、维护者对象和密钥证书对象,并由IANA进行数字签名。例如:
mntner: mnt-ripe
descr: RIPE's maintainer
auth: <ripe's choice>
mnt-by: mnt-ripe
referral-by: mnt-iana
admin-c: . . .
tech-c: . . .
upd-to: . . .
mnt-nfy: . . .
source: RIPE
mntner: mnt-ripe
descr: RIPE's maintainer
auth: <ripe's choice>
mnt-by: mnt-ripe
referral-by: mnt-iana
admin-c: . . .
tech-c: . . .
upd-to: . . .
mnt-nfy: . . .
source: RIPE
key-cert: pgpkey-979979
method: pgp
owner: . . .
fingerpr: . . .
certif: # this key is for illustration only
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: PGP for Personal Privacy 5.0
+
+ . . .
+ -----END PGP PUBLIC KEY BLOCK-----
mnt-by: mnt-ripe
source: RIPE
key-cert: pgpkey-979979
method: pgp
owner: . . .
fingerpr: . . .
certif: # this key is for illustration only
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: PGP for Personal Privacy 5.0
+
+ . . .
+ -----END PGP PUBLIC KEY BLOCK-----
mnt-by: mnt-ripe
source: RIPE
repository: RIPE
query-address: whois://whois.ripe.net
response-auth-type: PGPKEY-23F5CE35 # pointer to key-cert object
response-auth-type: none
remarks: you can request rsa signature on queries
remarks: PGP required on submissions
submit-address: mailto://auto-dbm@ripe.net
submit-address: rps-query://whois.ripe.net:43
submit-auth-type: pgp-key, crypt-pw, mail-from
remarks: these are the authentication types supported
mnt-by: maint-ripe-db
expire: 0000 04:00:00
heartbeat-interval: 0000 01:00:00
...
remarks: admin and technical contact, etc
source: RIPE
repository: RIPE
query-address: whois://whois.ripe.net
response-auth-type: PGPKEY-23F5CE35 # pointer to key-cert object
response-auth-type: none
remarks: you can request rsa signature on queries
remarks: PGP required on submissions
submit-address: mailto://auto-dbm@ripe.net
submit-address: rps-query://whois.ripe.net:43
submit-auth-type: pgp-key, crypt-pw, mail-from
remarks: these are the authentication types supported
mnt-by: maint-ripe-db
expire: 0000 04:00:00
heartbeat-interval: 0000 01:00:00
...
remarks: admin and technical contact, etc
source: RIPE
This very first transaction of a new repository is placed in the new repository, not in the IANA repository.
新存储库的第一个事务放在新存储库中,而不是IANA存储库中。
4 Security Considerations
4安全考虑
Routing policy system security document [2] defines an hierarchical authorization model for objects stored in the routing registries. This document specifies the seed objects and the actions need to be taken by IANA to maintain the root of that authorization hierarchy.
路由策略系统安全文档[2]为存储在路由注册表中的对象定义了分层授权模型。本文档指定了IANA需要采取的种子对象和操作,以维护该授权层次结构的根。
5 IANA Considerations
5 IANA考虑因素
This whole document is for detailed consideration by IANA.
整个文件供IANA详细考虑。
References
工具书类
[1] Alaettinoglu, C., Bates, T., Gerich, E., Karrenberg, D., Meyer, D., Terpstra, M. and C. Villamizar, "Routing Policy Specification Language (RPSL)", RFC 2622, June 1999.
[1] Alaettinoglu,C.,Bates,T.,Gerich,E.,Karrenberg,D.,Meyer,D.,Terpstra,M.和C.Villamizar,“路由策略规范语言(RPSL)”,RFC 2622,1999年6月。
[2] Villamizar, C., Alaettinouglu, C., Meyer, D., Murphy, S. and C. Orange, "Routing Policy System Security", RFC 2725, December 1999.
[2] Villamizar,C.,Alaettinouglu,C.,Meyer,D.,Murphy,S.和C.Orange,“路由策略系统安全”,RFC 27251999年12月。
[3] Villamizar, C., Alaettinouglu, C., Govindan, R. and D. Meyer, "Distributed Routing Policy System", Work in Progress.
[3] Villamizar,C.,Alaettinouglu,C.,Govindan,R.和D.Meyer,“分布式路由策略系统”,正在进行中。
6 Authors' Addresses
6作者地址
Cengiz Alaettinoglu USC Information Sciences Institute
美国南加州大学信息科学研究所
EMail: cengiz@isi.edu
EMail: cengiz@isi.edu
Curtis Villamizar Avici Systems
Curtis Villamizar Avici系统公司
EMail: curtis@avici.com
EMail: curtis@avici.com
Ramesh Govindan USC Information Sciences Institute
拉梅什·戈文丹南加州大学信息科学研究所
EMail: govindan@isi.edu
EMail: govindan@isi.edu
7 Notices
7通知
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何努力来确定任何此类权利。有关IETF在标准跟踪和标准相关文件中权利的程序信息,请参见BCP-11。可从IETF秘书处获得可供发布的权利声明副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果。
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涉及实施本标准所需技术的专有权利。请将信息发送给IETF执行董事。
8 Full Copyright Statement
8完整版权声明
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。