Internet Architecture Board (IAB) R. Housley, Ed.
Request for Comments: 7500 Vigil Security
Category: Informational O. Kolkman, Ed.
ISSN: 2070-1721 Internet Society
April 2015
Internet Architecture Board (IAB) R. Housley, Ed.
Request for Comments: 7500 Vigil Security
Category: Informational O. Kolkman, Ed.
ISSN: 2070-1721 Internet Society
April 2015
Principles for Operation of Internet Assigned Numbers Authority (IANA) Registries
因特网分配号码管理局(IANA)登记册的运作原则
Abstract
摘要
This document provides principles for the operation of Internet Assigned Numbers Authority (IANA) registries.
本文件提供了互联网分配号码管理局(IANA)登记册的操作原则。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Architecture Board (IAB) and represents information that the IAB has deemed valuable to provide for permanent record. It represents the consensus of the Internet Architecture Board (IAB). Documents approved for publication by the IAB are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网体系结构委员会(IAB)的产品,代表IAB认为有价值提供永久记录的信息。它代表了互联网体系结构委员会(IAB)的共识。IAB批准发布的文件不适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7500.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7500.
Copyright Notice
版权公告
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Table of Contents
目录
1. Introduction ....................................................2
2. Principles for the Operation of IANA Registries .................3
3. Discussion ......................................................4
3.1. Ensuring Uniqueness, Stability, and Predictability .........4
3.2. Public .....................................................4
3.3. Open and Transparent .......................................4
3.4. Accountable ................................................5
4. Security Considerations .........................................5
5. Informative References ..........................................6
IAB Members at the Time of Approval ................................7
Contributors and Acknowledgements ..................................7
Authors' Addresses .................................................7
1. Introduction ....................................................2
2. Principles for the Operation of IANA Registries .................3
3. Discussion ......................................................4
3.1. Ensuring Uniqueness, Stability, and Predictability .........4
3.2. Public .....................................................4
3.3. Open and Transparent .......................................4
3.4. Accountable ................................................5
4. Security Considerations .........................................5
5. Informative References ..........................................6
IAB Members at the Time of Approval ................................7
Contributors and Acknowledgements ..................................7
Authors' Addresses .................................................7
The Internet Engineering Task Force (IETF) and its predecessors have traditionally separated the publication of protocol specifications in immutable Request for Comments (RFCs) and the registries containing protocol parameters. Traditionally, the registries are maintained by a set of functions known collectively as the Internet Assigned Numbers Authority (IANA). Dating back to the earliest days of the Internet, specification publication and the registry operations were tightly coupled: Jon Postel of the Information Sciences Institute (ISI) of the University of Southern California (USC) was responsible for both RFC publication and IANA registry operation. This tight coupling had advantages, but it was never a requirement. Indeed, today the RFC Editor and IANA registry operation are provided by different entities.
互联网工程任务组(IETF)及其前身传统上将协议规范的发布与包含协议参数的注册中心分离开来。传统上,注册中心由一组统称为互联网分配号码管理局(IANA)的功能维护。追溯到互联网最早的时代,规范出版和注册表操作紧密耦合:南加州大学信息科学研究所(ISI)的Jon Postel负责RFC出版和IANA注册操作。这种紧密耦合有其优点,但从来都不是必需的。事实上,今天的RFC编辑器和IANA注册表操作是由不同的实体提供的。
Internet registries are critical to the operation of the Internet, because they provide a definitive record of the value and meaning of identifiers that protocols use when communicating with each other. Almost every Internet protocol makes use of registries in some form. At the time of writing, the IANA maintains more than two thousand protocol parameter registries.
互联网注册对于互联网的运行至关重要,因为它们提供了协议在相互通信时使用的标识符的价值和意义的最终记录。几乎每个互联网协议都以某种形式使用注册中心。在撰写本文时,IANA维护了2000多个协议参数注册表。
Internet registries hold protocol identifiers consisting of constants and other well-known values used by Internet protocols. These values can be numbers, strings, addresses, and so on. They are uniquely assigned for one particular purpose or use. Identifiers can be maintained in a central list (such as a list of cryptographic algorithms) or they can be hierarchically allocated and assigned by separate entities at different points in the hierarchy (such as IP addresses and domain names). To maximize trust and usefulness of the IANA registries, the principles in this document should be taken into consideration for centralized registries as well as hierarchically
Internet注册表保存由常量和Internet协议使用的其他已知值组成的协议标识符。这些值可以是数字、字符串、地址等。它们被唯一地分配用于一个特定的目的或用途。标识符可以保存在中心列表中(例如加密算法列表),也可以由层次结构中不同点的单独实体(例如IP地址和域名)分层分配和分配。为了最大限度地提高IANA注册中心的信任度和有效性,本文件中的原则应考虑到集中注册中心以及分层注册中心
delegated registries. In hierarchically delegated registries, entries nearest to top level have broad scope, but lower-level entries have narrow scope. The Internet Architecture Board (IAB) will encourage support for these principles in all delegations of Internet identifiers.
委托登记处。在分层委托的注册中心中,最接近顶层的条目具有广泛的作用域,但较低级别的条目具有狭窄的作用域。互联网架构委员会(IAB)将鼓励所有互联网标识代表团支持这些原则。
The registry system is built on trust and mutual cooperation. The use of the registries is voluntary and is not enforced by mandates or certification policies. While the use of registries is voluntary, it is noted that the success of the Internet creates enormous pressure to use Internet protocols and the identifier registries associated with them.
登记制度建立在信任和相互合作的基础上。登记册的使用是自愿的,不受授权或认证政策的强制执行。虽然登记册的使用是自愿的,但应当指出,互联网的成功给使用互联网协议和与之相关的标识符登记册带来了巨大的压力。
This document provides principles for the operation of IANA registries, ensuring that protocol identifiers have consistent meanings and interpretations across all implementations and deployments, and thus providing the necessary trust in the IANA registries.
本文档提供了IANA注册表的操作原则,确保协议标识符在所有实现和部署中具有一致的含义和解释,从而在IANA注册表中提供必要的信任。
The following key principles underscore the successful functioning of the IANA registries, and they provide a foundation for trust in those registries:
以下关键原则强调了IANA注册中心的成功运作,并为这些注册机构提供了信任基础:
Ensure Uniqueness: The same protocol identifier must not be used for more than one purpose.
确保唯一性:同一协议标识符不得用于多个目的。
Stable: Protocol identifier assignment must be lasting.
稳定:协议标识符分配必须是持久的。
Predictable: The process for making assignments must not include unexpected steps.
可预测:分配任务的过程不得包含意外步骤。
Public: The protocol identifiers must be made available in well-known locations in a manner that makes them freely available to everyone.
公共:协议标识符必须在众所周知的位置以一种让每个人都可以自由使用的方式提供。
Open: The process that sets the policy for protocol identifier assignment and registration must be open to all interested parties.
开放:为协议标识符分配和注册设置策略的过程必须对所有相关方开放。
Transparent: The protocol registries and their associated policies should be developed in a transparent manner.
透明:应以透明的方式制定议定书登记册及其相关政策。
Accountable: Registry policy development and registry operations need to be accountable to the affected community.
问责:登记册政策制定和登记册运作需要对受影响社区负责。
The principles discussed in Section 2 provide trust and confidence in the IANA registries. This section expands on these principles.
第2节讨论的原则为IANA注册提供了信任和信心。本节将详细介绍这些原则。
Protocol identifier assignment and registration must be unique, stable, and predictable. Developers, vendors, customers, and users depend on the registries for unique protocol identifiers that are assigned in a stable and predictable manner.
协议标识符分配和注册必须是唯一、稳定和可预测的。开发人员、供应商、客户和用户依赖于注册表,以稳定和可预测的方式分配唯一的协议标识符。
A protocol identifier may only be reassigned for a different purpose after due consideration of the impact of such a reassignment, and if possible, with the consent of the original assignee.
只有在适当考虑了协议标识符重新分配的影响后,并在可能的情况下,征得原始受让人的同意,才能为不同的目的重新分配协议标识符。
Recognizing that some assignments involve judgment, such as those involving a designated expert [RFC5226], a predictable process does not require completion in a predetermined number of days. Rather, it means that no unexpected steps are introduced in the process of making an assignment.
认识到一些任务涉及判断,例如涉及指定专家的任务[RFC5226],可预测的过程不需要在预定天数内完成。相反,这意味着在分配任务的过程中不会引入任何意外的步骤。
Once assigned, the protocol identifiers must be made available in a manner that makes them freely available to everyone without restrictions. The use of a consistent publication location builds confidence in the registry. This does not mean that the publication location can never change, but it does mean that it must change infrequently and only after adequate prior notice.
一旦分配了协议标识符,协议标识符必须以一种不受限制的方式免费提供给每个人。使用一致的发布位置可以建立对注册表的信心。这并不意味着出版物的位置永远不会改变,但它确实意味着必须不经常地改变,并且只有在充分事先通知后才能改变。
The process that sets the policy for protocol identifier assignment and registration must be open to all interested parties and operate in a transparent manner.
为协议标识符分配和注册设置策略的过程必须向所有相关方开放,并以透明的方式运行。
When a registry is established, a policy is set for the addition of new entries and the updating of existing entries. While making additions and modifications, the registry operator may expose instances where policies lack clarity. When this occurs, the registry operator should provide helpful feedback to allow those policies to be improved. In addition, the registry operator not being involved in establishing registry policy avoids the risks associated with (perceptions of) favoritism and unfairness.
建立注册表时,将设置一个策略,用于添加新条目和更新现有条目。在进行添加和修改时,注册表操作员可能会公开策略不清晰的实例。发生这种情况时,注册表操作员应提供有用的反馈,以便改进这些策略。此外,不参与制定注册政策的注册运营商可以避免与(感知)偏袒和不公平相关的风险。
Recognizing that some assignments involve judgment, such as those involving a designated expert [RFC5226], the recommendations by designated experts must be visible to the public to the maximum extent possible and subject to challenge or appeal.
认识到某些任务涉及判决,例如涉及指定专家的任务[RFC5226],指定专家的建议必须尽可能公开,并受到质疑或上诉。
The process that sets the policy for IANA registries and the operation of the registries must be accountable to the parties that rely on the protocol identifiers. Oversight is needed to ensure these are properly serving the affected community.
为IANA登记册制定政策的过程和登记册的运作必须对依赖协议标识符的各方负责。需要进行监督,以确保这些服务能够适当地服务于受影响的社区。
In practice, accountability mechanisms for the registry operator may be defined by contract, memoranda of understanding, or service level agreements (SLAs). An oversight body uses these mechanisms to ensure that the registry operator is meeting the needs of the affected community. The oversight body is held accountable to the affected community by vastly different mechanisms, for instance recall and appeal processes.
实际上,注册运营商的问责机制可以通过合同、谅解备忘录或服务水平协议(SLA)来定义。一个监督机构利用这些机制确保登记处经营者满足受影响社区的需要。监督机构通过截然不同的机制,例如召回和上诉程序,对受影响社区负责。
For protocol parameters [RFC6220], the general oversight of the IANA function is performed by the IAB as a chartered responsibility from [RFC2850]. In addition, the IETF Administrative Oversight Committee (IAOC), a body responsible for IETF administrative and financial matters [BCP101], maintains an SLA with the current registry operator, the Internet Corporation for Assigned names and Numbers (ICANN), thereby specifying the operational requirements with respect to the coordination, maintenance, and publication of the protocol parameter registries. Both the IAB and the IAOC are accountable to the larger Internet community and are being held accountable through the IETF Nomcom process [BCP10].
对于协议参数[RFC6220],IAB作为[RFC2850]的特许责任对IANA功能进行全面监督。此外,IETF行政监督委员会(IAOC)是一个负责IETF行政和财务事宜的机构[BCP101],与当前注册运营商互联网名称和号码分配公司(ICANN)保持SLA,从而规定了与协调相关的运营要求,协议参数注册表的维护和发布。IAB和IAOC都对更大的互联网社区负责,并通过IETF Nomcom流程承担责任[BCP10]。
For the Internet Number Registries [RFC7249], oversight is performed by the Regional Internet Registries (RIRs) as described RFC 7020 [RFC7020]. The RIRs are member-based organizations, and they are accountable to the affected community by elected governance boards. Furthermore, per agreement between the RIRs and ICANN, the policy development for the global IANA number registries is coordinated by a community-elected number council and subject to process review before ratification by the ICANN Board of Trustees [ASOMOU].
对于互联网号码注册处[RFC7249],由区域互联网注册处(RIR)进行监督,如RFC 7020[RFC7020]所述。RIR是以成员为基础的组织,通过选举产生的治理委员会向受影响社区负责。此外,根据RIRs和ICANN之间的协议,全球IANA号码注册的政策制定由社区选举的号码委员会协调,并在ICANN董事会批准之前接受流程审查[ASOMU]。
Internet Registries are critical to elements of Internet security. The principles described in this document are necessary for the Internet community to place trust in the IANA registries.
互联网注册对于互联网安全要素至关重要。本文件中描述的原则对于互联网社区信任IANA注册是必要的。
[ASOMOU] ICANN, "ICANN Address Supporting Organization (ASO) MoU", October 2004, <http://archive.icann.org/en/aso/aso-mou-29oct04.htm>.
[ASO MoU]ICANN,“ICANN地址支持组织(ASO)MoU”,2004年10月<http://archive.icann.org/en/aso/aso-mou-29oct04.htm>.
[BCP10] Kucherawy, M., Ed., "IAB, IESG, and IAOC Selection, Confirmation, and Recall Process: Operation of the Nominating and Recall Committees", BCP 10, RFC 7437, January 2015, <http://www.rfc-editor.org/info/bcp10>.
[BCP10]Kucherawy,M.,Ed.,“IAB、IESG和IAOC选择、确认和召回流程:提名和召回委员会的运作”,BCP 10,RFC 7437,2015年1月<http://www.rfc-editor.org/info/bcp10>.
[BCP101] Austein, R., Ed., and B. Wijnen, Ed., "Structure of the IETF Administrative Support Activity (IASA)", BCP 101, RFC 4071, April 2005.
[BCP101]Austein,R.,Ed.,和B.Wijnen,Ed.,“IETF行政支持活动(IASA)的结构”,BCP 101,RFC 4071,2005年4月。
Carpenter, B., Ed., and L. Lynch, Ed., "BCP 101 Update for IPR Trust", BCP 101, RFC 4371, January 2006.
Carpenter,B.,Ed.,和L.Lynch,Ed.,“知识产权信托的BCP 101更新”,BCP 101,RFC 4371,2006年1月。
<http://www.rfc-editor.org/info/bcp101>
<http://www.rfc-editor.org/info/bcp101>
[RFC2850] Internet Architecture Board and B. Carpenter, Ed., "Charter of the Internet Architecture Board (IAB)", BCP 39, RFC 2850, May 2000, <http://www.rfc-editor.org/info/rfc2850>.
[RFC2850]互联网架构委员会和B.Carpenter,Ed.,“互联网架构委员会(IAB)章程”,BCP 39,RFC 28502000年5月<http://www.rfc-editor.org/info/rfc2850>.
[RFC2860] Carpenter, B., Baker, F., and M. Roberts, "Memorandum of Understanding Concerning the Technical Work of the Internet Assigned Numbers Authority", RFC 2860, June 2000, <http://www.rfc-editor.org/info/rfc2860>.
[RFC2860]Carpenter,B.,Baker,F.和M.Roberts,“关于互联网分配号码管理局技术工作的谅解备忘录”,RFC 28602000年6月<http://www.rfc-editor.org/info/rfc2860>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>.
[RFC5226]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 5226,2008年5月<http://www.rfc-editor.org/info/rfc5226>.
[RFC6220] McPherson, D., Ed., Kolkman, O., Ed., Klensin, J., Ed., Huston, G., Ed., and Internet Architecture Board, "Defining the Role and Function of IETF Protocol Parameter Registry Operators", RFC 6220, April 2011, <http://www.rfc-editor.org/info/rfc6220>.
[RFC6220]McPherson,D.,Ed.,Kolkman,O.,Ed.,Klensin,J.,Ed.,Huston,G.,Ed.,和互联网架构委员会,“定义IETF协议参数注册操作员的角色和功能”,RFC 6220,2011年4月<http://www.rfc-editor.org/info/rfc6220>.
[RFC7020] Housley, R., Curran, J., Huston, G., and D. Conrad, "The Internet Numbers Registry System", RFC 7020, August 2013, <http://www.rfc-editor.org/info/rfc7020>.
[RFC7020]Housley,R.,Curran,J.,Huston,G.,和D.Conrad,“互联网号码注册系统”,RFC 70202013年8月<http://www.rfc-editor.org/info/rfc7020>.
[RFC7249] Housley, R., "Internet Numbers Registries", RFC 7249, May 2014, <http://www.rfc-editor.org/info/rfc7249>.
[RFC7249]Housley,R.,“互联网号码注册”,RFC 7249,2014年5月<http://www.rfc-editor.org/info/rfc7249>.
IAB Members at the Time of Approval
批准时的IAB成员
Jari Arkko (IETF Chair) Mary Barnes Marc Blanchet Joel Halpern Ted Hardie Joe Hildebrand Russ Housley Eliot Lear Xing Li Erik Nordmark Andrew Sullivan Dave Thaler Brian Trammell
Jari Arkko(IETF主席)Mary Barnes Marc Blanchet Joel Halpern Ted Hardie Joe Hildebrand Russ Housley Eliot Lear Xing Li Erik Nordmark Andrew Sullivan Dave Thaler Brian Trammell
Contributors and Acknowledgements
贡献者和致谢
This text has been developed within the IAB IANA Evolution Program. The ideas and many text fragments, and corrections came from or were inspired on comments from: Bernard Aboba, Jaap Akkerhuis, Jari Arkko, Marcelo Bagnulo, Mark Blanchet, Brian Carpenter, David Conrad, Steve Crocker, John Curran, Alissa Cooper, Leslie Daigle, Elise Gerich, John Klensin, Bertrand de La Chapelle, Eliot Lear, Danny McPherson, George Michaelson, Thomas Narten, Andrei Robachevsky, Andrew Sullivan, Dave Thaler, Brian Trammell, and Greg Wood. Further inspiration and input was drawn from various meetings with IETF and other Internet community (RIRs, ISOC, W3C, IETF, and IAB) leadership.
本文本已在IAB IANA进化计划中制定。这些想法和许多文本片段以及更正都来自以下评论或受其启发:伯纳德·阿博巴、雅普·阿克胡伊斯、贾里·阿尔科、马塞洛·巴格鲁、马克·布兰奇、布赖恩·卡彭特、大卫·康拉德、史蒂夫·克罗克、约翰·科伦、艾莉莎·库珀、莱斯利·戴格尔、伊丽莎白·格里奇、约翰·克莱辛、伯特兰·德拉夏佩尔、艾略特·李尔、丹尼·麦克弗森、,乔治·迈克尔森、托马斯·纳滕、安德烈·罗巴切夫斯基、安德鲁·沙利文、戴夫·泰勒、布赖恩·特拉梅尔和格雷格·伍德。从与IETF和其他互联网社区(RIRs、ISOC、W3C、IETF和IAB)领导人的各种会议中获得了进一步的灵感和投入。
Please do not assume those acknowledged endorse the resulting text.
请不要假定得到认可的人认可结果文本。
Authors' Addresses
作者地址
Russ Housley 918 Spring Knoll Drive Herndon, VA 20170 USA EMail: housley@vigilsec.com
Russ Housley 918 Spring Knoll Drive Herndon,弗吉尼亚州20170美国电子邮件:housley@vigilsec.com
Olaf Kolkman Science Park 400 Amsterdam 1098 XH The Netherlands EMail: kolkman@isoc.org
Olaf Kolkman科技园400阿姆斯特丹1098 XH荷兰电子邮件:kolkman@isoc.org