Re: [sidr] is a longer announce invalid or not found?
Sandra Murphy <Sandra.Murphy@sparta.com> Fri, 30 September 2011 20:53 UTC
Return-Path: <Sandra.Murphy@cobham.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A0D421F8AAA for <sidr@ietfa.amsl.com>; Fri, 30 Sep 2011 13:53:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.211
X-Spam-Level:
X-Spam-Status: No, score=-102.211 tagged_above=-999 required=5 tests=[AWL=0.388, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VRR-WWBZiN8t for <sidr@ietfa.amsl.com>; Fri, 30 Sep 2011 13:53:17 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 659EE21F8AA9 for <sidr@ietf.org>; Fri, 30 Sep 2011 13:53:17 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id p8UKu4Uo010950; Fri, 30 Sep 2011 15:56:04 -0500
Received: from mailbin2.ads.sparta.com (mailbin.sparta.com [157.185.85.6]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id p8UKu2UW022672; Fri, 30 Sep 2011 15:56:04 -0500
Received: from SMURPHY-LT.columbia.ads.sparta.com ([157.185.81.164]) by mailbin2.ads.sparta.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Fri, 30 Sep 2011 16:56:01 -0400
Date: Fri, 30 Sep 2011 16:56:01 -0400
From: Sandra Murphy <Sandra.Murphy@sparta.com>
To: Randy Bush <randy@psg.com>
In-Reply-To: <m2ipo9sqlg.wl%randy@psg.com>
Message-ID: <Pine.WNT.4.64.1109301651080.3100@SMURPHY-LT.columbia.ads.sparta.com>
References: <m2d3eilpnq.wl%randy@psg.com> <20110930101754.GB10004@juniper.net> <m2ehyytj2l.wl%randy@psg.com> <20110930122831.GA10176@juniper.net> <m2bou2t7x5.wl%randy@psg.com> <3B65FD95-2E66-4D1F-B630-976ECE99050A@ericsson.com> <m2sjndsrs5.wl%randy@psg.com> <7309FCBCAE981B43ABBE69B31C8D213914A3308B30@EUSAACMS0701.eamcs.ericsson.se> <m2mxdlsqzu.wl%randy@psg.com> <m2ipo9sqlg.wl%randy@psg.com>
X-X-Sender: sandy@mailbin.sparta.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 30 Sep 2011 20:56:01.0961 (UTC) FILETIME=[5CCB6990:01CC7FB3]
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] is a longer announce invalid or not found?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2011 20:53:18 -0000
Speaking as regular ol' member On Sat, 1 Oct 2011, Randy Bush wrote: >> a (let's assume dual homed) leaf site does not have to do much for >> bgpsec. their upstreams validate, so they do not have to. all they >> have to do is sign their announcement. we refer to this as a >> 'simplex' site, they announce signed but do not accept signed data, do >> not hold any key or cert other than their own, ... cool result is >> that current leaf site hardware could do this, no upgrade. so, for my >> simplex lazy customer, yes i gen the bgpsec router key for them, and >> they or i stuff it in their router. > > < side discussion > > > cool hack 14.3: the router itself can gen the public/private key pair a > la ssh, the person configuring can extract the public key and send it to > the rpki goddesses to be signed by the appropriate cert and put in the > rpki. the private key never leaves the router! I believe that Steve Kent says that usually a certificate request is required to present Proof Of Possession (of the private key). So just discovering the public key somehow would not be sufficient to be able to request a cert with that public key. I await correction in quoting Steve. --Sandy, speaking as regular ol' member > > randy > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr >
- [sidr] is a longer announce invalid or not found? Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Pradosh Mohapatra
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Robert Raszuk
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Hannes Gredler
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Hannes Gredler
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Jakob Heitz
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Jakob Heitz
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Sandra Murphy
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Sandra Murphy
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Sandra Murphy
- Re: [sidr] is a longer announce invalid or not fo… Randy Bush
- Re: [sidr] is a longer announce invalid or not fo… Sandra Murphy
- Re: [sidr] is a longer announce invalid or not fo… Sriram, Kotikalapudi
- Re: [sidr] is a longer announce invalid or not fo… Stephen Kent