[sidr] comments on BGPSEC PKI and Alg profiles

Sean Turner <turners@ieca.com> Fri, 18 November 2011 07:19 UTC


So I ran through my presentation at a million miles an hour, but I did 
get some comments.  Here's what I think we ought to do to resolve them:

- From Russ H.: just use cn, don't use cn + sn in subject.  Rob A. went 
and looked at the existing RPKI certs.  cn+sn is used so we're going to 
leave it as is (i.e., cn+sn).

- From Brian W.: question about EC IPR.  We should really be pointing to 
RFC 6090 for ECDSA.  I'd like to propose that we point there instead of 
FIPS 186-3.

- From me: add an ASN.1 module for the BGPSEC EKU.  I made others do it
so I should do it too (i.e., eat my own dog food).

I'll give people a couple of weeks to recover from the meeting before I 
post a new version.