Organization: China Interactive Publishing Network (http://www.china-pub.com/)
RFC Documents Chinese Translation Project
(http://www.china-pub.com/compters/emook/aboutemook.htm)
E-mail: ouyang@china-pub.com
Translators: 牛韬 (NT niutao@sohu.com), 王安鹏 (anpengwang )
Translation published: 2001-7-1
Copyright: The copyright of this Chinese translation belongs to China
Interactive Publishing Network. It may be freely reproduced for
non-commercial purposes, provided that the translation and copyright
information of this document is retained.


Network Working Group                                    C. Alaettinoglu
Request for Comments: 2754                                       USC/ISI
Category: Informational                                    C. Villamizar
                                                           Avici Systems
                                                             R. Govindan
                                                                 USC/ISI
                                                            January 2000

                            RPS IANA Issues
                    (RFC2754 - RPS IANA's Issues)

Status of this Memo

   This memo provides information for the Internet community. It does
   not specify an Internet standard of any kind. Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

   RPS Security [2] requires certain RPSL [1] objects in the IRR to be
   hierarchically delegated. The set of objects at the root of this
   hierarchy must be created and digitally signed by IANA. This paper
   presents these seed objects and lists the operations required from
   IANA.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

Table of Contents

   1 Initial Seed
   2 IANA Assignments
   3 Creating Routing Repositories
   4 Security Considerations
   5 IANA Considerations
   6 Authors' Addresses
   7 Notices
   8 Full Copyright Statement

1 Initial Seed

   A public key of IANA must be distributed with the software
   implementations of the Distributed Routing Policy System [3]. An
   initial set of seed objects must be signed with this key. The
   following transaction (the transaction format is defined in [3])
   contains these objects and is signed with this key:

   mntner:      mnt-iana
   descr:       iana's maintainer
   admin-c:     JKR1
   tech-c:      JKR1
   upd-to:      JKRey@ISI.EDU
   mnt-nfy:     JKRey@ISI.EDU
   auth:        pgpkey-7F6AA1B9
   mnt-by:      mnt-iana
   referral-by: mnt-iana
   source:      IANA

   key-cert:    pgpkey-7F6AA1B9
   method:      pgp
   owner:       iana-root (est. Nov 98)
   fingerpr:    71 09 2E 37 71 B8 0A 9C 3B 28 98 B4 F1 21 13 BB
   certif:      # this is the real IANA key
   + -----BEGIN PGP PUBLIC KEY BLOCK-----
   + Version: 2.6.2
   +
   + mQCNAzZJ52sAAAEEAJ//C01YnlaGuXyrC16V7FphkRvBmcNU22TPOzrKnKjnWjH5
   + sJ5UQnGOpyhDc796gqBjY+lTLvPB9sFGJPWgxfNk2JQaxxLTD+tfqSsiURc/srpp
   + XohFAVR/fez8MOecISwvNpFh5VADuFuoNi7ZLuOwVTC4tM5RU0NJa8l/aqG5AAUR
   + tCdpYW5hLXJvb3QgKGVzdC4gTm92IDk4KSA8aWFuYUBpYW5hLm9yZz4=
   + =sF4q
   + -----END PGP PUBLIC KEY BLOCK-----
   mnt-by:      mnt-iana
   source:      IANA

   repository:          IANA
   repository-cert:     PGPKEY-88BAC849
   query-address:       http://www.iana.org
   response-auth-type:  none
   submit-address:      http://www.iana.org
   submit-auth-type:    none
   expire:              0000 04:00:00
   heartbeat-interval:  0000 01:00:00
   admin-c:             JKR1
   tech-c:              JKR1
   mnt-by:              mnt-iana
   source:              IANA

   as-block:    AS0 - AS65535
   descr:       as number space
   country:     us
   admin-c:     JKR1
   tech-c:      JKR1
   status:      UNALLOCATED
   source:      IANA
   mnt-by:      mnt-iana
   mnt-lower:   mnt-iana

   inetnum:     0.0.0.0 - 255.255.255.255
   netname:     Internet
   descr:       ip number space
   country:     us
   admin-c:     JKR1
   tech-c:      JKR1
   status:      UNALLOCATED
   source:      IANA
   mnt-by:      mnt-iana
   mnt-lower:   mnt-iana

   timestamp: 19991001 01:00:00 +00:00

   signature:
   + -----BEGIN PGP SIGNATURE-----
   + Version: 2.6.2
   +
   + iQCVAwUBOAd3YENJa8l/aqG5AQFVdAP9Ho2TSLGXiDi6v1McsKY4obO32EtP44Jv
   + tpNWiRRz47WIpMBmzUrQajBDNNXzwq9r9mGC75Pg0MMwTDfvA47o6mnIGdT9XyZz
   + s9HlDGOqhklIjHOxXFDrBiz3u7eWEf3vmDCXt6UYg9lUtRKefkWtR5wD1Q1zDMSc
   + 7Ya7PE6X8SU=
   + =sAft
   + -----END PGP SIGNATURE-----

   In the above text, no line ends with trailing blank characters, and
   there are no tab characters. A run of consecutive blank lines
   actually contains only one blank line, and the page break in the
   middle is likewise a single blank line.

   Here we assume that IANA runs its own repository. This is not a
   requirement, however; the transaction can in fact be published by an
   existing routing registry.

2 IANA Assignments

   For each assignment, IANA needs to create the inetnum and as-block
   objects as appropriate, and digitally sign them using the key in its
   key-cert object. For example:

   as-block:    AS0 - AS500
   descr:       arin's space
   country:     us
   status:      ALLOCATED
   source:      iana
   delegated:   arin
   mnt-by:      mnt-iana

   inetnum:     128.0.0.0 - 128.255.255.255
   netname:     Internet portion
   descr:       ip number space
   country:     us
   status:      ALLOCATED
   source:      iana
   delegated:   arin
   mnt-by:      mnt-iana

3 Creating Routing Repositories

   To enable a new routing repository, a repository object, a
   maintainer object and a key-cert object need to be created and
   digitally signed by IANA. For example:

   mntner:      mnt-ripe
   descr:       RIPE's maintainer
   auth:
   mnt-by:      mnt-ripe
   referral-by: mnt-iana
   admin-c:     . . .
   tech-c:      . . .
   upd-to:      . . .
   mnt-nfy:     . . .
   source:      RIPE

   key-cert:    pgpkey-979979
   method:      pgp
   owner:       . . .
   fingerpr:    . . .
   certif:      # this key is for illustration only
   + -----BEGIN PGP PUBLIC KEY BLOCK-----
   + Version: PGP for Personal Privacy 5.0
   +
   + . . .
   + -----END PGP PUBLIC KEY BLOCK-----
   mnt-by:      mnt-ripe
   source:      RIPE

   repository:          RIPE
   query-address:       whois://whois.ripe.net
   response-auth-type:  PGPKEY-23F5CE35 # pointer to key-cert object
   response-auth-type:  none
   remarks:             you can request rsa signature on queries
   remarks:             PGP required on submissions
   submit-address:      mailto://auto-dbm@ripe.net
   submit-address:      rps-query://whois.ripe.net:43
   submit-auth-type:    pgp-key, crypt-pw, mail-from
   remarks:             these are the authentication types supported
   mnt-by:              maint-ripe-db
   expire:              0000 04:00:00
   heartbeat-interval:  0000 01:00:00
   ...
   remarks:             admin and technical contact, etc
   source:              RIPE

   The first transaction of the new repository is placed in the new
   repository, not in the IANA repository.

4 Security Considerations

   The Routing Policy System Security document [2] defines a
   hierarchical authorization model for objects stored in routing
   registries. This document specifies the seed objects and the
   operations IANA must perform to maintain the root of this
   authorization hierarchy.

5 IANA Considerations

   The entire document has been endorsed item by item by IANA.

References

   [1] Alaettinoglu, C., Bates, T., Gerich, E., Karrenberg, D., Meyer,
       D., Terpstra, M. and C. Villamizar, "Routing Policy
       Specification Language (RPSL)", RFC 2622, June 1999.

   [2] Villamizar, C., Alaettinoglu, C., Meyer, D., Murphy, S. and C.
       Orange, "Routing Policy System Security", RFC 2725, December
       1999.

   [3] Villamizar, C., Alaettinoglu, C., Govindan, R. and D. Meyer,
       "Distributed Routing Policy System", Work in Progress.
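
Added example (not part of RFC 2754 or of this translation): a check that each assigned object from Section 2 falls inside a root object from Section 1 and is maintained by a maintainer that root authorizes. The function names are hypothetical, and the rule used (the root's mnt-lower, or its mnt-by when mnt-lower is absent, must list the child's mnt-by) is a simplified reading of the hierarchical authorization model in [2].

```python
import ipaddress
import re

# Constructed sample: Section 1 and 2 objects, trimmed to the attributes read here.
OBJECTS = """\
as-block: AS0 - AS65535
mnt-by: mnt-iana
mnt-lower: mnt-iana

inetnum: 0.0.0.0 - 255.255.255.255
mnt-by: mnt-iana
mnt-lower: mnt-iana

as-block: AS0 - AS500
delegated: arin
mnt-by: mnt-iana

inetnum: 128.0.0.0 - 128.255.255.255
delegated: arin
mnt-by: mnt-iana
"""

def parse_objects(text):
    """Split on blank lines; skip "+" continuation lines; first attribute is the class."""
    objs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if ":" in l and l[:1] not in "+ \t"]
        attrs = [tuple(s.strip() for s in l.split(":", 1)) for l in lines]
        objs.append({"class": attrs[0][0], "key": attrs[0][1], "attrs": attrs})
    return objs

def key_range(obj):
    lo, hi = (s.strip() for s in obj["key"].split("-"))
    if obj["class"] == "as-block":
        return int(lo[2:]), int(hi[2:])
    return int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi))

def values(obj, name):
    return [m.strip() for k, v in obj["attrs"] if k == name for m in v.split(",")]

def check_delegation(child, roots):
    """Return the key of the root that covers and authorizes child, else None."""
    clo, chi = key_range(child)
    for root in roots:
        rlo, rhi = key_range(root)
        # Assumption: mnt-lower governs more specific objects, mnt-by otherwise.
        allowed = set(values(root, "mnt-lower") or values(root, "mnt-by"))
        if root["class"] == child["class"] and rlo <= clo <= chi <= rhi and allowed & set(values(child, "mnt-by")):
            return root["key"]
    return None
```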

6 Authors' Addresses

   Cengiz Alaettinoglu
   USC Information Sciences Institute
   EMail: cengiz@isi.edu

   Curtis Villamizar
   Avici Systems
   EMail: curtis@avici.com

   Ramesh Govindan
   USC Information Sciences Institute
   EMail: govindan@isi.edu

7 Notices

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available can be obtained by implementors and
   users of this technology from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

8 Full Copyright Statement

   Copyright (C) The Internet Society (2000). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.