Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles

Sean Turner <turners@ieca.com> Fri, 04 May 2012 15:36 UTC

On 5/3/12 10:14 AM, Chris Morrow wrote:
>
>
> On 05/03/2012 03:57 AM, t.petch wrote:
>> A question arising from my ignorance.
>>
>> How do values in the security arc get assigned?  Not IANA since there are no
>> IANA considerations, but how then?
>
> good question... the below are asn.1 things, quickly searching around
> isn't helping me out much either :(
>
> Russ, any idea how this happens in practice? 'lick finger, test wind,
> guess number' seems like the wrong method...

Russ Housley controls the pkix arc (has for years).  If we need a value 
from that arc (e.g., for the EKU extension and module OID), then 
we'll/I'll send a request to Russ for an OID.  He then returns an OID 
after some review.  I know he often compiles the modules too.

If you're curious about the OIDs under the 1.3.6.1.5.5.7 arc, the values 
can be found at: http://www.imc.org/ietf-pkix/pkix-oid.asn.

The longer term plan is to transition the arc to IANA when PKIX closes.

spt

>>
>> On the IANA profiles web page I can see
>> (1.3.6.1.5.5.4)
>> and
>> (1.3.6.1.5.5.8)
>> but no 1.3.6.1.5.5.7, just a reference to Russ.
>>
>>
>> Tom Petch
>>
>> ----- Original Message -----
>> From: "Christopher Morrow"<morrowc.lists@gmail.com>
>> To:<sidr@ietf.org>;<sidr-chairs@ietf.org>
>> Sent: Friday, April 13, 2012 10:16 PM
>>
>> Hello WG peoples,
>> The following update posted today. Sean and Tom have come to agreement
>> on their differences, I believe this closes the last open items on
>> this document.
>>
>> Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012
>>
>> Thanks!
>> -Chris
>> <co-chair>
>>
>> On Fri, Apr 13, 2012 at 3:03 PM,<internet-drafts@ietf.org>  wrote:
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories. This draft is a work item of the Secure Inter-Domain Routing
>>> Working Group of the IETF.
>>>
>>> Title : A Profile for BGPSEC Router Certificates, Certificate Revocation
>>> Lists, and Certification Requests
>>> Author(s) : Mark Reynolds
>>> Sean Turner
>>> Steve Kent
>>> Filename : draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>> Pages : 11
>>> Date : 2012-04-13
>>>
>>> This document defines a standard profile for X.509 certificates for
>>> the purposes of supporting validation of Autonomous System (AS) paths
>>> in the Border Gateway Protocol (BGP), as part of an extension to that
>>> protocol known as BGPSEC. BGP is a critical component for the proper
>>> operation of the Internet as a whole. The BGPSEC protocol is under
>>> development as a component to address the requirement to provide
>>> security for the BGP protocol. The goal of BGPSEC is to design a
>>> protocol for full AS path validation based on the use of strong
>>> cryptographic primitives. The end-entity (EE) certificates specified
>>> by this profile are issued under Resource Public Key Infrastructure
>>> (RPKI) Certification Authority (CA) certificates, containing the AS
>>> Identifier Delegation extension, to routers within the Autonomous
>>> System (AS). The certificate asserts that the router(s) holding the
>>> private key are authorized to send out secure route advertisements on
>>> behalf of the specified AS. This document also profiles the
>>> Certificate Revocation List (CRL), profiles the format of
>>> certification requests, and specifies Relying Party certificate path
>>> validation procedures. The document extends the RPKI; therefore,
>>> this document updates the RPKI Resource Certificates Profile (RFC
>>> 6487).
>>>
>>>
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> This Internet-Draft can be retrieved at:
>>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>>
>>> _______________________________________________
>>> sidr mailing list
>>> sidr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sidr