Re: [Int-area] Re: SeND & CGA Extensions BOF

"James Kempf" <kempf@docomolabs-usa.com> Tue, 19 June 2007 20:13 UTC

From: James Kempf <kempf@docomolabs-usa.com>
To: Dave Thaler <dthaler@windows.microsoft.com>, int-area@ietf.org
Subject: Re: [Int-area] Re: SeND & CGA Extensions BOF
Date: Tue, 19 Jun 2007 13:13:46 -0700

Dave,

Section 6.3 of RFC 3971 contains a certificate profile for routing 
authorization in X.509 certs. If that is somehow insufficient or lacking, 
then there definitely needs to be a charter item in the charter addressing 
the issue.

                   jak


----- Original Message ----- 
From: "Dave Thaler" <dthaler@windows.microsoft.com>
To: <int-area@ietf.org>
Sent: Wednesday, June 06, 2007 6:44 PM
Subject: RE: [Int-area] Re: SeND & CGA Extensions BOF


Right, there is work on making CGAs crypto-agile and it was presented in
a previous int-area meeting at IETF 66
(http://www3.ietf.org/proceedings/06jul/minutes/intarea.txt item 6).

However, there's another SEND issue that arose in a discussion I was in.
Is there any EKU defined for the X.509 certs used for securing Router
Discovery, that authorizes use as a router?  I can't find one, meaning
the only option is to issue a cert that is valid for all possible
purposes.  Or am I missing something?

-Dave

> -----Original Message-----
> From: Suresh Krishnan [mailto:suresh.krishnan@ericsson.com]
> Sent: Monday, June 04, 2007 10:10 AM
> To: Bernard Aboba
> Cc: int-area@ietf.org
> Subject: Re: [Int-area] Re: SeND & CGA Extensions BOF
>
> Hi Bernard,
>
> Bernard Aboba wrote:
> > I have a basic concern with the use of CGA in the IETF, which is that the
> > CGA design is not currently crypto-agile.
>
> Yes. This is a big concern. Marcelo and Jari wrote a draft about
> updating CGAs to use multiple hash functions.
>
>
> http://www.ietf.org/internet-drafts/draft-bagnulo-multiple-hash-cga-03.txt
>
> This is an individual submission and is in the RFC Editor's queue.
>
> Cheers
> Suresh
>
>
> _______________________________________________
> Int-area mailing list
> Int-area@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/int-area


