This is draft text to be discussed by the future MANRS+ Working Group that will be formed in September 2022. Do not distribute.

Background

Mutually Agreed Norms for Routing Security (MANRS) has grown to more than 800 participants, including network operators, IXPs, CDN and Cloud providers, and network equipment vendors. MANRS stimulates collective action for solving routing security issues. It sets norms for routing operations by providing a clear baseline (MANRS Actions) and building a community to support this baseline by implementing these Actions. 

Its focus has traditionally been on peer-to-peer relationships between network operators of various types. The business case, beyond good netizenship, is mainly around the reputational value it has for the participants. For some, driving worldwide adoption of the practices and improvements to the ecosystem it brings is a business case. But, on average, the value proposition of MANRS is somewhat limited. We need significantly more networks implementing MANRS actions to stop routing security incidents in their tracks.

We believe customer demand can be a driving force in increasing the number of organizations implementing the MANRS actions. If we can enhance the business case for MANRS, customers will demand better routing security of their network connectivity providers and the providers will make the necessary investment to ensure they’re following best practices and staying in compliance with the MANRS actions that stop routing security incidents. 

Purpose

The purpose of the MANRS+ Working Group is to explore the idea of creating a second, elevated tier of MANRS participation for organizations that comply with more stringent requirements and auditing. 

The Working Group will create a significantly higher value proposition for a subset of the MANRS participants based on a credible quality mark it will represent, recognized by customers, and used in their business decisions. This quality mark and the associated certification process assume better alignment with customer needs and more profound conformance auditing leading to better security assurance.

This working group is to develop the requirements for MANRS+. Development of a potential certification program for MANRS+ is outside the scope of the working group and will be considered based on the outputs of this work.

Goals

The goals of the MANRS+ Working Group are to:

  1. Solicit input from enterprise customers to identify a viable set of security requirements for connectivity providers (network transit providers) that has additional value to customers.
  2. Based on collected input, develop an expanded set of MANRS Actions for network operators, CDNs, and Cloud providers.
  3. Develop requirements for conformance testing of the Actions.
  4. Identify requirements for necessary tooling for conformance testing and other aspects of the quality mark.
  5. Identify potential partners for the development of a certification program for MANRS+ .

Membership

Membership in this MANRS+ Working Group is open to everyone. MANRS participation is not required. 

Leadership

The MANRS+ Working Group will have two co-chairs and an Internet Society-appointed coordinator.

Milestones and Term

The milestones of the MANRS+ Working Group are:

  • September 2022 – Form the Working Group
  • October 2022 – Requirements of potential customers
  • December 2022 – Draft MANRS+ Actions
  • January 2023 – Draft conformance testing
  • February 2023 – Draft tooling requirements
  • March 2023 – Final MANRS+ document (Actions and Conformance requirements)

The MANRS+ Working Group will last 12 months after the adoption of this charter. It may be renewed indefinitely by the Working Group participants as needs arise.