组织:中国互动出版网(http://www.china-pub.com/)
RFC文档中文翻译计划(http://www.china-pub.com/compters/emook/aboutemook.htm)
E-mail:ouyang@china-pub.com
译者:牛韬(NT niutao@sohu.com) 王安鹏 (anpengwang )
译文发布时间:2001-7-1
版权:本中文翻译文档版权归中国互动出版网所有。可以用于非商业用途自由转载,但必须
保留本文档的翻译及版权信息。
Network Working Group C. Alaettinoglu
Request for Comments: 2754 USC/ISI
Category: Informational C. Villamizar
Avici Systems
R. Govindan
USC/ISI
January 2000
RPS IANA的发布
(RFC2754—RPS IANA's Issues)
本备忘录的状态
本备忘录为Internet社区提供资讯,但没有定义任何Internet标准。本备忘录的发布
不受限制。
版权宣告
Copyright (C) The Internet Society (2000). All Rights Reserved.
摘要
RPS加密[2]要求IRR的特定RPSL[1]对象以逐级授权。这个层级的根中的对象集必须创
建并通过IANA数字签名。本文介绍了这些种子对象并列出了IANA要求的操作。
本文档中的关键字“必须”、“不得”、“要求的”、“应”、“不应”、“需”、“无需”、“建议”、
“可以”和“可选”按照RFC2119的解释。
目录
1 初始种子(Initial Seed) 2
2 IANA分配(IANA Assignments) 4
3 创建路由资料库(Creating Routing Repositories) 4
4 安全考虑(Security Considerations) 5
5 IANA的意见(IANA Considerations) 5
6 作者地址(Authors' Addresses) 6
7.注意(Notices) 6
8、 全部版权声明 7
1 初始种子(Initial Seed)
IANA的公共密码必须由分布式路由策略系统[3]的软件实现来分配。初始集中的种子对象
需要用这个密码签署。以下事务(事务格式在[3]中定义)包含了这些对象并使用这个密码签
署:
mntner: mnt-iana
descr: iana's maintainer
admin-c: JKR1
tech-c: JKR1
upd-to: JKRey@ISI.EDU
mnt-nfy: JKRey@ISI.EDU
auth: pgpkey-7F6AA1B9
mnt-by: mnt-iana
referral-by: mnt-iana
source: IANA
key-cert: pgpkey-7F6AA1B9
method: pgp
owner: iana-root (est. Nov 98) <iana@iana.org>
fingerpr: 71 09 2E 37 71 B8 0A 9C 3B 28 98 B4 F1 21 13 BB
certif: # this is the real IANA key
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: 2.6.2
+
+ mQCNAzZJ52sAAAEEAJ//C01YnlaGuXyrC16V7FphkRvBmcNU22TPOzrKnKjnWjH5
+ sJ5UQnGOpyhDc796gqBjY+lTLvPB9sFGJPWgxfNk2JQaxxLTD+tfqSsiURc/srpp
+ XohFAVR/fez8MOecISwvNpFh5VADuFuoNi7ZLuOwVTC4tM5RU0NJa8l/aqG5AAUR
+ tCdpYW5hLXJvb3QgKGVzdC4gTm92IDk4KSA8aWFuYUBpYW5hLm9yZz4=
+ =sF4q
+ -----END PGP PUBLIC KEY BLOCK-----
mnt-by: mnt-iana
source: IANA
repository: IANA
repository-cert: PGPKEY-88BAC849
query-address: http://www.iana.org
response-auth-type: none
submit-address: http://www.iana.org
submit-auth-type: none
expire: 0000 04:00:00
heartbeat-interval: 0000 01:00:00
admin-c: JKR1
tech-c: JKR1
mnt-by: mnt-iana
source: IANA
as-block: AS0 - AS65535
descr: as number space
country: us
admin-c: JKR1
tech-c: JKR1
status: UNALLOCATED
source: IANA
mnt-by: mnt-iana
mnt-lower: mnt-iana
inetnum: 0.0.0.0 - 255.255.255.255
netname: Internet
descr: ip number space
country: us
admin-c: JKR1
tech-c: JKR1
status: UNALLOCATED
source: IANA
mnt-by: mnt-iana
mnt-lower: mnt-iana
timestamp: 19991001 01:00:00 +00:00
signature:
+ -----BEGIN PGP SIGNATURE-----
+ Version: 2.6.2
+
+ iQCVAwUBOAd3YENJa8l/aqG5AQFVdAP9Ho2TSLGXiDi6v1McsKY4obO32EtP44Jv
+ tpNWiRRz47WIpMBmzUrQajBDNNXzwq9r9mGC75Pg0MMwTDfvA47o6mnIGdT9XyZz
+ s9HlDGOqhklIjHOxXFDrBiz3u7eWEf3vmDCXt6UYg9lUtRKefkWtR5wD1Q1zDMSc
+ 7Ya7PE6X8SU=
+ =sAft
+ -----END PGP SIGNATURE-----
上述文本中,各行的尾部没有多余的空白字符,也不含制表符。连续的多个空行实际上
仅包含一个空行,中间的换页也只是一个空行。
此处,我们假定IANA运行其自身的资料库。但这并非是必需的,事实上可以由现有的路
由注册机构发布该事务。
2 IANA分配(IANA Assignments)
IANA每次分配都要创建inetnum和适当的as-block对象,并使用它的key-cert对象中
的密码对这些对象进行数字签名。比如:
as-block: AS0 - AS500
descr: arin's space
country: us
status: ALLOCATED
source: iana
delegated: arin
mnt-by: mnt-iana
inetnum: 128.0.0.0 - 128.255.255.255
netname: Internet portion
descr: ip number space
country: us
status: ALLOCATED
source: iana
delegated: arin
mnt-by: mnt-iana
3 创建路由资料库(Creating Routing Repositories)
要使用新的路由资料库,需要构建一个资料库对象、一个维护器对象和一个key-cert对
象并通过IANA进行数字签名。比如:
mntner: mnt-ripe
descr: RIPE's maintainer
auth: <ripe's choice>
mnt-by: mnt-ripe
referral-by: mnt-iana
admin-c: . . .
tech-c: . . .
upd-to: . . .
mnt-nfy: . . .
source: RIPE
key-cert: pgpkey-979979
method: pgp
owner: . . .
fingerpr: . . .
certif: # this key is for illustration only
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: PGP for Personal Privacy 5.0
+
+ . . .
+ -----END PGP PUBLIC KEY BLOCK-----
mnt-by: mnt-ripe
source: RIPE
repository: RIPE
query-address: whois://whois.ripe.net
response-auth-type: PGPKEY-23F5CE35 # pointer to key-cert object
response-auth-type: none
remarks: you can request rsa signature on queries
remarks: PGP required on submissions
submit-address: mailto://auto-dbm@ripe.net
submit-address: rps-query://whois.ripe.net:43
submit-auth-type: pgp-key, crypt-pw, mail-from
remarks: these are the authentication types supported
mnt-by: maint-ripe-db
expire: 0000 04:00:00
heartbeat-interval: 0000 01:00:00
...
remarks: admin and technical contact, etc
source: RIPE
其中新资料库的第一项事务放入新资料库,而不是IANA资料库。
4 安全考虑(Security Considerations)
路由策略系统安全文档[2]为存储在路由注册机构中的对象定义了一个层次授权模型。本
文档详述了种子对象以及IANA维护授权层次结构的根所必需的操作。
5 IANA的意见(IANA Considerations)
整个文档经过IANA的逐条认可。
引用(References)
[1] Alaettinoglu, C., Bates, T., Gerich, E., Karrenberg, D., Meyer,
D., Terpstra, M. and C. Villamizar, "Routing Policy Specification
Language (RPSL)", RFC 2622, June 1999.
[2] Villamizar, C., Alaettinouglu, C., Meyer, D., Murphy, S. and C.
Orange, "Routing Policy System Security", RFC 2725, December
1999.
[3] Villamizar, C., Alaettinouglu, C., Govindan, R. and D. Meyer,
"Distributed Routing Policy System", Work in Progress.
6 作者地址(Authors' Addresses)
Cengiz Alaettinoglu
USC Information Sciences Institute
EMail: cengiz@isi.edu
Curtis Villamizar
Avici Systems
EMail: curtis@avici.com
Ramesh Govindan
USC Information Sciences Institute
EMail: govindan@isi.edu
7.注意(Notices)
IETF不对合法性及知识产权所有权的范围、或可能在执行此技术时声明附属的其它权利、
或关于本文档所描述的技术应用、或在这些权利之下可能或不能应用的范围负责。也不对关
于此权力的任何研究成果提出异议。有关IETF尊重后续标准和相关标准的过程可以在BCP-11
找到。允许出版时复制所声明的权力,许可的保证都是可利用的,本技术的实施者和用户都
可在IETF书记处获得允许。
IETF欢迎任何感兴趣的团体关注任何可能需要应用这一标准的技术的相关任何权利、专利
权或专利应用权、或者其他所有权。 请联系IETF的执行主管。
8、 全部版权声明
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
致谢(Acknowledgement)
Funding for the RFC Editor function is currently provided by the
Internet Society.
RFC2754—RPS IANA's Issues RPS IANA的发布
1
RFC文档中文翻译计划