Re: [sidr] Key learning procedures in BGPsec?

Tim Bruijnzeels <tim@ripe.net> Wed, 18 January 2012 09:11 UTC

From: Tim Bruijnzeels <tim@ripe.net>
In-Reply-To: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com>
Date: Wed, 18 Jan 2012 10:11:50 +0100
Message-Id: <1738295B-1B66-432E-9F10-FACC1CDCBCDA@ripe.net>
References: <13269421-8A36-4628-9F1A-30E02B922AE1@verisign.com>
To: Eric Osterweil <eosterweil@verisign.com>
Cc: "sidr@ietf.org list" <sidr@ietf.org>
Subject: Re: [sidr] Key learning procedures in BGPsec?
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>

Hi,

On Jan 18, 2012, at 12:36 AM, Eric Osterweil wrote:
> 2 - How do we envision the process of an AS getting its own private key information installed on all of its routers?*  Without _these_, updates cannot be signed...

I don't know for a fact, but I expect that the router key pair is created on the router itself. The private key never leaves it, but the public key can be exported so that it can be put on an (EE?) certificate signed by the holder of the AS.

I have to admit, though, that I am not fully up to speed with all the bgpsec documents; it's somewhere on my todo list. My main focus here has been on publication- and validation-related matters, not so much bgp and routers.

Tim
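The procedure Tim sketches above (key pair generated on the router, private key never exported, public key certified by the AS holder, certificate then used to check signed updates), as an added example that is not part of the original thread and is not BGPsec's actual router certificate profile or wire format. Everything beyond the thread's four steps is an assumption of this example: the P-256 curve, the PKCS#10 request as the way the public key travels from router to AS holder, the subject names, and the AS holder's CA certificate being self-signed (in the RPKI it would itself chain up to an RIR-issued resource certificate). Note what the CSR signature buys: the AS holder gets proof that the router holds the private key without ever being sent that key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RouterKey is created on the router itself; the private key is never exported from it.
type RouterKey struct{ priv *ecdsa.PrivateKey }

// GenerateRouterKey is step 1, run on the router. P-256 is an assumption of this example.
func GenerateRouterKey() (*RouterKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &RouterKey{priv: priv}, err
}

// CSR is step 2: the public key leaves the router in a PKCS#10 request signed with the private key (proof of possession).
func (r *RouterKey) CSR(asn uint32) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: fmt.Sprintf("ROUTER-AS%d", asn)}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, r.priv)
}

// issue signs tmpl with signer's key (one-day validity, for the example) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ASHolder stands in for the holder of the AS number; its CA certificate is self-signed here (assumption).
type ASHolder struct {
	priv *ecdsa.PrivateKey
	Cert *x509.Certificate
}

func NewASHolder(asn uint32) (*ASHolder, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: fmt.Sprintf("AS%d-CA", asn)},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	cert, err := issue(tmpl, tmpl, &priv.PublicKey, priv)
	return &ASHolder{priv: priv, Cert: cert}, err
}

// IssueRouterCert is step 3: verify proof of possession, then certify the router's public key.
func (a *ASHolder) IssueRouterCert(csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR not signed by the key it carries: %w", err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature}
	return issue(tmpl, a.Cert, csr.PublicKey, a.priv)
}

// SignUpdate is step 4: the router signs update data with the key that never left it.
func (r *RouterKey) SignUpdate(data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, r.priv, h[:])
}

// VerifyUpdate is the receiving side: chain the router cert to the AS holder, then check the signature.
func VerifyUpdate(routerCert, asCert *x509.Certificate, data, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(asCert)
	if _, err := routerCert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("router cert does not chain to the AS holder: %w", err)
	}
	h := sha256.Sum256(data)
	pub, ok := routerCert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return fmt.Errorf("signature does not verify under the certified key")
	}
	return nil
}

func main() {
	rk, _ := GenerateRouterKey()
	as, _ := NewASHolder(64496)
	csr, _ := rk.CSR(64496)
	cert, _ := as.IssueRouterCert(csr)
	sig, _ := rk.SignUpdate([]byte("constructed update"))
	fmt.Println("update verifies:", VerifyUpdate(cert, as.Cert, []byte("constructed update"), sig))
}
```

The two checks worth keeping in mind from this: a certificate issued by a different AS holder does not validate the router's signature (the chain check fails before the signature is even looked at), and the AS holder must refuse a request whose self-signature does not verify, otherwise anyone could get a certificate issued over a public key they do not control.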