[sidr] Proposed -03 signature block format, reserved field
Jeffrey Haas <jhaas@pfrc.org> Wed, 28 March 2012 07:35 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A6DF21F876A for <sidr@ietfa.amsl.com>; Wed, 28 Mar 2012 00:35:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.15
X-Spam-Level:
X-Spam-Status: No, score=-102.15 tagged_above=-999 required=5 tests=[AWL=0.115, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M4PBz2b6snsg for <sidr@ietfa.amsl.com>; Wed, 28 Mar 2012 00:35:12 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 0152F21F863D for <sidr@ietf.org>; Wed, 28 Mar 2012 00:35:11 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 8095A170410; Wed, 28 Mar 2012 03:35:11 -0400 (EDT)
Date: Wed, 28 Mar 2012 03:35:11 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: sidr@ietf.org
Message-ID: <20120328073511.GA17790@slice>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: [sidr] Proposed -03 signature block format, reserved field
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2012 07:35:12 -0000
Per mic comment: The slides propose a 8 octet "reserved field". Instead, consider making it a container for TLVs. Length field of 2 octets. Consider immediately specifying TLVs in it: 1 (or 2?) octet code point, 2 octet lengths. Immediately request a registry for this reserved section with first come-first served/experimental code points. One example would be to embed secured community values. Note that this would be distinct from flagging that we'd want to note that we should sign the community path attribute. The problem with signing the community attribute is that there is a strong expectation in that path attribute that it may be modified on a hop-by-hop basis. -- Jeff
- [sidr] Proposed -03 signature block format, reser… Jeffrey Haas