RFC 2725 Routing Policy System Security December 1999 Table of Contents 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . 3 2 Background . . . . . . . . . . . . . . . . . . . . . . . . 3 3 Implicit Policy Assumptions . . . . . . . . . . . . . . . . 5 4 Scope of Security Coverage . . . . . . . . . . . . . . . . 5 5 Organization of this Document . . . . . . . . . . . . . . 6 6 Goals and Requirements . . . . . . . . . . . . . . . . . . 6 7 Data Representation . . . . . . . . . . . . . . . . . . . . 10 8 Authentication Model . . . . . . . . . . . . . . . . . . . 10 9 Authorization Model . . . . . . . . . . . . . . . . . . . . 12 9.1 Maintainer Objects . . . . . . . . . . . . . . . . . . 12 9.2 as-block and aut-num objects . . . . . . . . . . . . . 13 9.3 inetnum objects . . . . . . . . . . . . . . . . . . . 13 9.4 route objects . . . . . . . . . . . . . . . . . . . . 14 9.5 reclaim and no-reclaim attributes . . . . . . . . . . 14 9.6 Other Objects . . . . . . . . . . . . . . . . . . . . 15 9.7 Objects with AS Hierarchical Names . . . . . . . . . . 16 9.8 Query Processing . . . . . . . . . . . . . . . . . . . 16 9.9 Adding to the Database . . . . . . . . . . . . . . . . 17 9.10 Modifying or Deleting Database Objects . . . . . . . . 19 10 Data Format Summaries . . . . . . . . . . . . . . . . . . 20 10.1 Changes to the RIPE/RPSL Schema . . . . . . . . . . . 20 Appendicies A Core and Non-Core Functionality . . . . . . . . . . . . . . 23 B Examples . . . . . . . . . . . . . . . . . . . . . . . . . 23 C Technical Discussion . . . . . . . . . . . . . . . . . . . 26 C.1 Relaxing requirements for ease of registry . . . . . 27 C.2 The address lending issue . . . . . . . . . . . . . . 28 C.3 Dealing with non-conformant or questionable older data . . . . . . . . . . . . . . . . . . . . . . . . . 29 D Common Operational Cases . . . . . . . . . . . . . . . . . 30 D.1 simple hierarchical address allocation and route allocation . . . . . . . . . . . . . . . . . . . . . . 31 D.2 aggregation and multihomed more specific routes . . . 32 D.3 provider independent addresses and multiple origin AS . . . . . . . . . . . . . . . . . . . . . . . . . . 32 D.4 change in Internet service provider . . . . . . . . . 32 D.5 renumbering grace periods . . . . . . . . . . . . . . 32 E Deployment Considerations . . . . . . . . . . . . . . . . . 33 F Route Object Authorization Pseudocode . . . . . . . . . . . 35 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 37 Intellectual Property Notice . . . . . . . . . . . . . . . . . 38 References . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Security Considerations . . . . . . . . . . . . . . . . . . . 40 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 40 Full Copyright Statement . . . . . . . . . . . . . . . . . . 41 Villamizar, et al. Standards Track