Re: [sidr] draft-ietf-sidrops-signed-tal-00
Russ Housley <housley@vigilsec.com> Tue, 27 March 2018 14:48 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 726AD12DA27
for <sidr@ietfa.amsl.com>; Tue, 27 Mar 2018 07:48:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id SE9IcEWtQSjM for <sidr@ietfa.amsl.com>;
Tue, 27 Mar 2018 07:48:13 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id E3421127522
for <sidr@ietf.org>; Tue, 27 Mar 2018 07:48:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
by mail.smeinc.net (Postfix) with ESMTP id C6B0B300A12
for <sidr@ietf.org>; Tue, 27 Mar 2018 10:48:10 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1])
by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id LvZAZkvTelXT for <sidr@ietf.org>;
Tue, 27 Mar 2018 10:48:09 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net
[108.45.101.150])
by mail.smeinc.net (Postfix) with ESMTPSA id 9CFBA300494;
Tue, 27 Mar 2018 10:48:09 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <D2AED6D8-991E-4E5C-B2C0-0B3AC34077EF@ripe.net>
Date: Tue, 27 Mar 2018 10:48:14 -0400
Cc: IETF SIDR <sidr@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7213DABC-FD92-4FB2-A1BB-7D778A0C7BEE@vigilsec.com>
References: <B3A27099-810E-46D5-A2E9-49C01F4389A2@vigilsec.com>
<5A5E79B7-4E84-4803-A9EC-4EC2D5719C77@ripe.net>
<D62DAF4C-52A8-4C35-9919-9E4ED9E6C458@vigilsec.com>
<D2AED6D8-991E-4E5C-B2C0-0B3AC34077EF@ripe.net>
To: Tim Bruijnzeels <tim@ripe.net>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/2PAor-i65GaOp0puoz_RHtcYVCY>
Subject: Re: [sidr] draft-ietf-sidrops-signed-tal-00
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>,
<mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>,
<mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2018 14:48:14 -0000
Tim: Works for me. Thanks for considering my suggestion. Russ > On Mar 27, 2018, at 5:38 AM, Tim Bruijnzeels <tim@ripe.net> wrote: > > Hi Russ, all, > > How about: > > OLD: > A signed TAL is an RPKI signed object, as specified in [RFC6488]. > > NEW: > The signed TAL object uses the standard template for > specifying signed objects that can be validated using the > RPKI [RFC6488], which is based on Cryptographic > Message Syntax (CMS) [RFC5652] as a standard > encapsulation format. > > (Relevant text included and paraphrased from 6488) > > Tim > > >> On 22 Mar 2018, at 18:44, Russ Housley <housley@vigilsec.com> wrote: >> >> Tim: >> >> I think that a statement in Section 3 that it uses CMS SignedData [RFC5652] would make this very clear. >> >> Russ >> >> >>> On Mar 22, 2018, at 1:07 PM, Tim Bruijnzeels <tim@ripe.net> wrote: >>> >>> Hi Russ, >>> >>> Yes, this is a CMS object. Section 3 describes this. It’s an extension of RPKI Signed Object - which is CMS.- and specifies the relevant content type (3.1) and eContent (3.2). >>> >>> Tim >>> >>>> On 22 Mar 2018, at 17:02, Russ Housley <housley@vigilsec.com> wrote: >>>> >>>> Is the intent to use CMS to sign the trust anchor list? Since ROAs are signed with CMS, I was expecting these signatures to follow the same convention. However, there is no reference to CMS in the draft. >>>> >>>> Russ >>>> >>>> _______________________________________________ >>>> sidr mailing list >>>> sidr@ietf.org >>>> https://www.ietf.org/mailman/listinfo/sidr >>>> >>> >> >> >
- [sidr] draft-ietf-sidrops-signed-tal-00 Russ Housley
- Re: [sidr] draft-ietf-sidrops-signed-tal-00 Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidrops-signed-tal-00 Russ Housley
- Re: [sidr] draft-ietf-sidrops-signed-tal-00 Tim Bruijnzeels
- Re: [sidr] draft-ietf-sidrops-signed-tal-00 Russ Housley