[sidr] Proposed -03 signature block format, reserved field

Jeffrey Haas <jhaas@pfrc.org> Wed, 28 March 2012 07:35 UTC

Date: Wed, 28 Mar 2012 03:35:11 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: sidr@ietf.org
Message-ID: <20120328073511.GA17790@slice>
Subject: [sidr] Proposed -03 signature block format, reserved field

Per mic comment:
The slides propose an 8-octet "reserved field".

Instead, consider making it a container for TLVs.  Length field of 2 octets.
Consider immediately specifying TLVs in it: 1 (or 2?) octet code point, 2
octet lengths.  Immediately request a registry for this reserved section
with first-come, first-served/experimental code points.

One example would be to embed secured community values.  Note that this
would be distinct from flagging that we'd want to note that we should sign
the community path attribute.  The problem with signing the community
attribute is that there is a strong expectation in that path attribute that
it may be modified on a hop-by-hop basis.

-- Jeff
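To make the proposal concrete, the following is an added example (not code from the post or from any BGPsec implementation) of a strict encoder/decoder for the TLV container sketched above: a 2-octet container length followed by TLVs with a 1-octet type and a 2-octet length. The choice of a 1-octet type (the post leaves 1 or 2 open) and the code point 1 for a community value are assumptions made for illustration; a real registry would assign them. The decoder checks every length against the bytes actually present before using it, which is the property a receiver needs when an attacker can set those lengths.

```python
"""
Added example: TLV container for the proposed reserved section.

Assumed layout (not the draft's text, an illustration of the proposal):

  container : Length (2 octets) | zero or more TLVs
  TLV       : Type (1 octet) | Length (2 octets) | Value (Length octets)

TLV_TYPE_COMMUNITY = 1 is a hypothetical code point chosen here only so
the example has something to carry.
"""
import struct

TLV_TYPE_COMMUNITY = 1   # hypothetical code point, for illustration only


class TLVError(ValueError):
    """Raised for malformed containers (truncated or over-long lengths)."""


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one TLV, refusing values that do not fit the fixed-size fields."""
    if not 0 <= tlv_type <= 0xFF:
        raise TLVError("type must fit in 1 octet")
    if len(value) > 0xFFFF:
        raise TLVError("value too long for a 2-octet length")
    return struct.pack("!BH", tlv_type, len(value)) + value


def encode_container(tlvs) -> bytes:
    """Concatenate TLVs and prefix the 2-octet container length."""
    body = b"".join(encode_tlv(t, v) for t, v in tlvs)
    if len(body) > 0xFFFF:
        raise TLVError("container too long for a 2-octet length")
    return struct.pack("!H", len(body)) + body


def decode_container(data: bytes):
    """Parse a container; return (list of (type, value), octets consumed).

    Each length is validated against the bytes present before it is used,
    so a forged length can neither read past the buffer nor stall the loop.
    """
    if len(data) < 2:
        raise TLVError("container shorter than its length field")
    (body_len,) = struct.unpack_from("!H", data, 0)
    end = 2 + body_len
    if end > len(data):
        raise TLVError("container length exceeds available bytes")
    pos = 2
    tlvs = []
    while pos < end:
        if end - pos < 3:
            raise TLVError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!BH", data, pos)
        pos += 3
        if pos + tlv_len > end:
            raise TLVError("TLV length runs past end of container")
        tlvs.append((tlv_type, bytes(data[pos:pos + tlv_len])))
        pos += tlv_len
    return tlvs, end


def encode_community(asn: int, value: int) -> bytes:
    """RFC 1997 community: 2-octet AS number followed by a 2-octet value."""
    return struct.pack("!HH", asn, value)


def decode_community(value: bytes):
    """Inverse of encode_community; rejects values of the wrong size."""
    if len(value) != 4:
        raise TLVError("community value must be exactly 4 octets")
    return struct.unpack("!HH", value)


def demo():
    """Constructed sample: one community TLV carrying 64512:100."""
    container = encode_container(
        [(TLV_TYPE_COMMUNITY, encode_community(64512, 100))])
    tlvs, consumed = decode_container(container)
    return container, tlvs, consumed


if __name__ == "__main__":
    c, tlvs, n = demo()
    print(c.hex(), tlvs, n)
```

The container length lets a receiver that does not understand a given code point skip the whole section, while the per-TLV lengths let it skip individual unknown types; both only work if the receiver refuses lengths that point outside the buffer, as the decoder here does.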