[sidr] question on SKI and router public key retrieval in signature attribute in BGPSEC

nalini iyer <nlniyer2@gmail.com> Wed, 14 March 2012 14:20 UTC

Sorry for asking this but despite looking at likely sources off the
documents list on the SIDR page I am still in the dark, and would like
to confirm suspicions.

The SKI in the signature attribute is a hash of the signing router's public key,

a) Is this hashed with the CA's pvt key?
b) How is the corresponding CA certificate (to de-hash the SKI) obtained?
c) From where is the router EE cert identified by the SKI then
obtained, or is getting the router's cert considered unnecessary as
the router public key is contained in the de-hashed SKI?

Thank you,
N.I.
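
An added example, not part of the original message or of any SIDR document: how an SKI can be derived from a router's public key and then used as an index into keys a verifier already holds. It assumes the RPKI certificate profile convention (RFC 6487) that the SKI is the 160-bit SHA-1 hash of the subjectPublicKey bit string; the `RouterKeyCache` class, the lookup by SKI plus AS number, and the sample keys are hypothetical and constructed for illustration.

```python
import hashlib

# Fixed DER prefix of a P-256 SubjectPublicKeyInfo: outer SEQUENCE, AlgorithmIdentifier
# (id-ecPublicKey, prime256v1), then the BIT STRING header with 0 unused bits.
P256_SPKI_PREFIX = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200")

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element starting at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def ski_from_spki(spki_der):
    """SHA-1 over the subjectPublicKey bits (the unused-bits octet is excluded)."""
    tag, body, _ = read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, _alg, off = read_tlv(body, 0)        # skip AlgorithmIdentifier
    tag, bits, _ = read_tlv(body, off)
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("expected BIT STRING with 0 unused bits")
    return hashlib.sha1(bits[1:]).digest()

class RouterKeyCache:
    """Hypothetical store of already-validated router keys, indexed by SKI."""
    def __init__(self):
        self._by_ski = {}

    def add(self, asn, spki_der):
        ski = ski_from_spki(spki_der)       # computed locally, never trusted from the wire
        self._by_ski.setdefault(ski, []).append((asn, spki_der))

    def lookup(self, ski, asn):
        # The SKI is only an index; the AS number must match as well (assumption).
        for cached_asn, spki in self._by_ski.get(ski, []):
            if cached_asn == asn:
                return spki
        return None                         # no key held: signature cannot be checked

# Constructed sample keys (arbitrary bytes, not real curve points).
SPKI_A = P256_SPKI_PREFIX + b"\x04" + bytes(range(64))
SPKI_B = P256_SPKI_PREFIX + b"\x04" + bytes(range(64, 128))
```

The hash is unkeyed and one-way, so the SKI only selects a key the verifier already holds from validated certificates; it does not carry the key.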