Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
Sean Turner <turners@ieca.com> Fri, 04 May 2012 15:36 UTC

On 5/3/12 10:14 AM, Chris Morrow wrote:
>
>
> On 05/03/2012 03:57 AM, t.petch wrote:
>> A question arising from my ignorance.
>>
>> How do values in the security arc get assigned? Not IANA since there are no
>> IANA considerations, but how then?
>
> good question... the below are asn.1 things, quickly searching around
> isn't helping me out much either :(
>
> Russ, any idea how this happens in practice? 'lick finger, test wind,
> guess number' seems like the wrong method...

Russ Housley controls the pkix arc (has for years). If we need a value from that arc (e.g., for the EKU extension and module OID), then we'll/I'll send a request to Russ for an OID. He then returns an OID after some review. I know he often compiles the modules too.

If you're curious about the OIDs under the 1.3.6.1.5.5.7 arc, the values can be found at: http://www.imc.org/ietf-pkix/pkix-oid.asn. The longer term plan is to transition the arc to IANA when PKIX closes.

spt

>>
>> On the IANA profiles web page I can see
>> (1.3.6.1.5.5.4)
>> and
>> (1.3.6.1.5.5.8)
>> but no 1.3.6.1.5.5.7, just a reference to Russ.
>>
>>
>> Tom Petch
>>
>> ----- Original Message -----
>> From: "Christopher Morrow"<morrowc.lists@gmail.com>
>> To:<sidr@ietf.org>;<sidr-chairs@ietf.org>
>> Sent: Friday, April 13, 2012 10:16 PM
>>
>> Helo WG peoples,
>> The following update posted today. Sean and Tom have come to agreement
>> on their differences, I believe this closes the last open items on
>> this document.
>>
>> Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012
>>
>> Thanks!
>> -Chris
>> <co-chair>
>>
>> On Fri, Apr 13, 2012 at 3:03 PM,<internet-drafts@ietf.org> wrote:
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories. This draft is a work item of the Secure Inter-Domain Routing
>>> Working Group of the IETF.
>>>
>>> Title : A Profile for BGPSEC Router Certificates, Certificate Revocation
>>> Lists, and Certification Requests
>>> Author(s) : Mark Reynolds
>>> Sean Turner
>>> Steve Kent
>>> Filename : draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>> Pages : 11
>>> Date : 2012-04-13
>>>
>>> This document defines a standard profile for X.509 certificates for
>>> the purposes of supporting validation of Autonomous System (AS) paths
>>> in the Border Gateway Protocol (BGP), as part of an extension to that
>>> protocol known as BGPSEC. BGP is a critical component for the proper
>>> operation of the Internet as a whole. The BGPSEC protocol is under
>>> development as a component to address the requirement to provide
>>> security for the BGP protocol. The goal of BGPSEC is to design a
>>> protocol for full AS path validation based on the use of strong
>>> cryptographic primitives. The end-entity (EE) certificates specified
>>> by this profile are issued under Resource Public Key Infrastructure
>>> (RPKI) Certification Authority (CA) certificates, containing the AS
>>> Identifier Delegation extension, to routers within the Autonomous
>>> System (AS). The certificate asserts that the router(s) holding the
>>> private key are authorized to send out secure route advertisements on
>>> behalf of the specified AS. This document also profiles the
>>> Certificate Revocation List (CRL), profiles the format of
>>> certification requests, and specifies Relying Party certificate path
>>> validation procedures. The document extends the RPKI; therefore,
>>> this document updates the RPKI Resource Certificates Profile (RFC
>>> 6487).
>>>
>>>
>>> A URL for this Internet-Draft is:
>>> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> This Internet-Draft can be retrieved at:
>>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>>
>>> _______________________________________________
>>> sidr mailing list
>>> sidr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sidr