
IETF SIDR Working Group

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
IETF SIDR Working Group
Name: SIDR Working Group
Formation: 2010
Purpose: Routing security for inter-domain routing
Parent organization: Internet Engineering Task Force


The SIDR Working Group focused on improving routing security for the Border Gateway Protocol through specification, deployment guidance, and operational practices. It coordinated standards work among participants from the Internet Engineering Task Force, the Internet Architecture Board, the IETF Routing Area, Regional Internet Registries, and operators from Level 3 Communications, AT&T, Verizon Communications and others. The group produced documents that intersect with efforts by RIPE NCC, ARIN, APNIC, LACNIC, and AFRINIC and informed initiatives by MANRS, NOGs and vendor projects at Cisco Systems, Juniper Networks, and Huawei Technologies Co., Ltd.

Overview

The SIDR Working Group developed standards for cryptographic attestation of inter-domain routing information, addressing problems exposed by incidents such as the YouTube Pakistan outage and the 2018 Amazon Route 53 DNS outage. Membership included engineers from Google, Facebook, Cloudflare, Microsoft, NASA, Nokia, Ericsson, and academic contributors from MIT, Stanford University, UC Berkeley, and University of Cambridge. Coordination occurred alongside work at the IETF Operations and Management Area and related efforts at the Internet Society and IAB.

Goals and Scope

SIDR aimed to create mechanisms to secure the provenance and validity of Internet routing announcements by producing specifications and operational guidance compatible with existing deployments at providers such as Sprint Corporation and CenturyLink. The scope covered Resource Public Key Infrastructure interactions with registries like ARIN, RIPE NCC, and APNIC as well as the integration with routing protocols used by NTT Communications, T-Mobile, and content providers including Akamai Technologies and Fastly.

Technical Work and Specifications

The WG standardized the Resource Public Key Infrastructure (RPKI) model for prefix origin validation and produced documents on Route Origin Authorizations and Certificate Policy, aligned with work by IETF RFC 3779 authors and implementers at BGP vendors such as Cisco Systems and Juniper Networks. Specifications included algorithms and data models interoperable with tools developed by OpenBSD, Quagga, FRRouting, and measurement platforms at RIPE Atlas and CAIDA. The WG defined interactions with BGPsec proposals and addressed cryptographic mechanisms referencing X.509 certificate profiles used by ICANN-coordinated registries.

Deployment and Operational Considerations

SIDR provided operational guidance for incremental deployment across networks operated by Level 3 Communications, Cogent Communications, NTT Communications, and cloud operators like Amazon Web Services and Google Cloud Platform. Guidance covered route filtering, validation policies, and ROA management interoperable with software from Cisco Systems, Juniper Networks, Arista Networks, and open-source projects maintained by IETF SECDIR contributors. The group also addressed measurement and monitoring using platforms like RIPE Atlas, CAIDA, RouteViews, and community efforts led by NANOG and USENIX conference participants.
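The prefix origin validation and route filtering described in the two sections above can be sketched as follows. This is an added example, not code from the working group's documents or any vendor implementation: it applies the valid / invalid / notfound states of RFC 6811 to validated ROA payloads, and the prefixes, AS numbers and the drop-invalid policy are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA Payload: what remains of a ROA after RPKI validation."""
    prefix: str
    max_length: int
    asn: int

# Constructed sample data: documentation prefixes and reserved ASNs.
VRPS = [
    VRP("192.0.2.0/24", 24, 64500),
    VRP("203.0.113.0/24", 24, 64501),
    VRP("2001:db8::/32", 48, 64502),
]

def validate_origin(route_prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'notfound' for one BGP announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route lies inside the ROA prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match: length within maxLength and same origin AS. AS 0 never matches.
        if (route.prefixlen <= vrp.max_length
                and vrp.asn == origin_asn and vrp.asn != 0):
            return "valid"
    # Covered but unmatched is the signature of a wrong-origin or
    # too-specific announcement; uncovered space stays 'notfound'.
    return "invalid" if covered else "notfound"

def filter_routes(announcements, vrps=VRPS):
    """Assumed policy: drop 'invalid', accept 'valid' and 'notfound'."""
    return [(p, a) for p, a in announcements
            if validate_origin(p, a, vrps) != "invalid"]

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64666),
                        ("203.0.113.128/25", 64501), ("198.51.100.0/24", 64500)]:
        print(prefix, asn, validate_origin(prefix, asn))
```

Accepting notfound routes is what makes deployment incremental: address space without ROAs keeps working, while announcements that contradict a published ROA are filtered.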

Security and Threat Model

The SIDR threat model considered origin validation bypass, mis-announcements exemplified by incidents involving Pakistan Telecommunication Company Limited and hijacks affecting traffic to YouTube, as well as deliberate attacks similar in impact to events studied by CAIDA and RIPE NCC. The WG's mitigations involved cryptographic attestations provided by RPKI certificates and ROAs, procedures for key rollover informed by practices at IANA and ICANN, and operational controls consistent with advice from NIST and incident analyses presented at Black Hat and DEF CON by researchers from University of Oxford and ETH Zurich.

History and Milestones

Key milestones included publication of RFCs and working group drafts that defined RPKI objects and operational profiles, engagement with registry operators such as ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC, and collaboration with the IETF SIDROPS Working Group and IETF BESS Working Group on related operational issues. Significant events tracked by the WG included large-scale route leaks reported to NANOG, measurement studies by CAIDA, and cross-industry deployment campaigns promoted at meetings of IETF, NOGs, and industry consortiums including MANRS.

Participants and Governance

Participants ranged from engineers at Google, Facebook, Cloudflare, Amazon Web Services, and Microsoft to operators at Level 3 Communications and registries such as ARIN and RIPE NCC. Governance followed IETF processes under the stewardship of chairs and area directors from the IETF Routing Area and coordination with the IETF Trust and the Internet Society. Document authors and editors came from organizations including Cisco Systems, Juniper Networks, NTT Communications, RIPE NCC, ARIN, APNIC, and academic institutions like MIT and Stanford University.
