Re: [Sidr] V3 draft of SIDR Charter
"william(at)elan.net" <william@elan.net> Mon, 28 November 2005 12:08 UTC
Date: Mon, 28 Nov 2005 04:08:16 -0800
From: "william(at)elan.net" <william@elan.net>
To: Geoff Huston <gih@apnic.net>
Subject: Re: [Sidr] V3 draft of SIDR Charter
Cc: sidr@ietf.org
List-Id: Secure Interdomain Routing <sidr.ietf.org>

On Mon, 28 Nov 2005, Geoff Huston wrote:

> At 07:41 PM 28/11/2005, william(at)elan.net wrote:
>
>> I still think you need to specify that work will include information
>> on how to publish certification objects. Either have this as separate
>> point below or addition to existing one.
>>
>>> The SIDR working group is charged with the following tasks:
>>>
>>> - Document an extensible interdomain routing security architecture
>>>
>>> - Document the use of certification objects within this secure
>>> routing architecture
>>
>> Possibly change to:
>>
>> - Document use and publication of certification objects within
>> secure interdomain routing architecture
>
> Now one way or another we are talking about certificate repositories. What
> did you have in mind to specify here above and beyond normal repository
> operation?

That is pretty much it. I do not see it clearly spelled out in the
charter that we would work on specifying access to (or at least linking
rules for specifying PKI repository) PKI repositories and format of the
data that is to be retrieved.

There are actually quite a number of ways to run a repository or
certificate verification service that have been developed (plus add
related issues and formats for publication of CRL data as well), these
are just a few of these:
  SCVP (draft-ietf-pkix-scvp-21.txt)
  DVCS (RFC3029)
  OCSP (RFC2560)
  PKIXREP locator (draft-ietf-pkix-pkixrep-04.txt)
  HTTP Certificate Store (draft-ietf-pkix-certstore-http-09.txt)
  LDAP Certificate server
  PGP (HTTP based) key & certificate server
  etc.

And it may well be that none of the above will work because one of the
key issues is that BGP (like DNS) is a base protocol so one can not
fully rely on some "higher" application protocol as part of BGP route
establishment (see also SBGP & soBGP and compare how they propose to
store cert data).

I think info on considerations and issues involved in setting up and
running repositories that would be used for BGP security should be
considered and documented as well at least in some way.

Also the format for certificates and any necessary extensions are all in
scope (i.e. if we decide we need extension of RFC3779) and this I also
see as publication-related issue.

-- 
William Leibzon
Elan Networks
william@elan.net