Re: [secdir] Secdir review of draft-ietf-sidr-res-certs

Stephen Kent <> Wed, 04 May 2011 13:14 UTC

At 7:48 AM -0400 5/4/11, Sam Hartman wrote:
>  >>>>> "Stephen" == Stephen Kent <> writes:
>     Stephen> The BGPSEC protocol being defined does not pass around ROAs
>     Stephen> or other RPKI repository objects. It defines two new,
>     Stephen> signed objects that are passed in UPDATE messages, and are
>     Stephen> not stored in the repository. These objects are verified
>     Stephen> using RPKI certs and CRLs, so there is a linkage.
>OK, so how will the upgrade work for these signed objects?  In
>particular during phase 2, when both old and new certs (under the old
>and new profile) are in use, what happens with these signed objects?
>Can a party generate both old and new signed objects? If so, will the
>protocol scale appropriately?  If not, how does a party know which
>signed object to generate?


The BGPSEC protocol will have to accommodate changes in the algs used 
to validate BGPSEC signed objects, and changes in algs used to 
validate RPKI objects, and key (not alg) changes in the RPKI objects, 
especially the certs associated with routers. So, format changes are 
just another example of a change in the RPKI that BGPSEC will have to 
accommodate. This is a legitimate discussion point for the BGPSEC 
protocol design discussions that will take place in SIDR. It is out 
of scope for the current set of docs, since they deal only with 
origin AS validation.

It would be inappropriate to suggest delaying this doc (or to suggest 
changes to it) based on discussions that will take place in the 
future, for a protocol that is just being adopted as a WG item now.