Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 13 April 2012 21:26 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2401A11E8128; Fri, 13 Apr 2012 14:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.441
X-Spam-Level:
X-Spam-Status: No, score=-3.441 tagged_above=-999 required=5 tests=[AWL=0.157, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k3XRsX6zDEfg; Fri, 13 Apr 2012 14:26:53 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com [209.85.212.172]) by ietfa.amsl.com (Postfix) with ESMTP id C1D6911E8123; Fri, 13 Apr 2012 14:26:52 -0700 (PDT)
Received: by wibhj6 with SMTP id hj6so5930001wib.13 for <multiple recipients>; Fri, 13 Apr 2012 14:26:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=7veVTsum3hoUeEQ2X33U2Aviq+MZfFaRiOtsPfX2OyU=; b=lRmzAiqR2QNL4B9ih/3jgyxYS69/JngBkVLPTx+12td8GfL8tf/tcQwTXt6xhG5GUi 9fy5JuIb5TDWKCGyE10vGYy3q58dEy4zvlEESDEtsmg9gv2XXxf+loji2FHqgrsHmJVi O7LuV6+gU3U3U9+014FnzQNWRPNG0Qo6k0kjc+m2HjrWzoj12WNsv6elSZgm4RxQ5O8p mdeObXeJEc9hTAc/nxV+MWs9TgULNss8Shvx5dom6WsWINhESNmiT+Yip9YrGlrPSNsk tJXBY6lmRRUK7rkU5kw1eb91WYjR4UG/miJ2obwBkAmRCdz70S6I9tjXZaa3LWHw4Lcl MFDg==
MIME-Version: 1.0
Received: by 10.180.100.230 with SMTP id fb6mr9217635wib.3.1334352411855; Fri, 13 Apr 2012 14:26:51 -0700 (PDT)
Received: by 10.223.88.212 with HTTP; Fri, 13 Apr 2012 14:26:51 -0700 (PDT)
In-Reply-To: <CAL9jLaZ6y7TAGx844e65ReJsaUFW5sOGNKKMUth3G4VMZV8Z8g@mail.gmail.com>
References: <CAL9jLaZ6y7TAGx844e65ReJsaUFW5sOGNKKMUth3G4VMZV8Z8g@mail.gmail.com>
Date: Fri, 13 Apr 2012 17:26:51 -0400
Message-ID: <CAH1iCir2HQXtkNuRqHunAXYwt-VkTF8Yfhn7hNNyFsgGomda9g@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
Content-Type: multipart/alternative; boundary=f46d041824ee838b2a04bd96211b
Cc: sidr-chairs@ietf.org, sidr@ietf.org
Subject: Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2012 21:26:54 -0000

While I think the document may be pretty solid currently, the meta-issue of
the tail wagging the dog exists.

I.e. There still exists the potential for additional requirements to
surface,
related to the design and implementation of the bgpsec protocol, which have
the potential to "inform" additional requirements for the EE certs, and/or
other (new) cert types.

So, even if it passes WGLC intact, I'm of the opinion that it should be
kept in the "hold" buffer,
until the other work goes through more substantial development and review
cycles.

Brian

On Fri, Apr 13, 2012 at 4:16 PM, Christopher Morrow <morrowc.lists@gmail.com
> wrote:

> Helo WG peoples,
> The following update posted today. Sean and Tom have come to agreement
> on their differences, I believe this closes the last open items on
> this document.
>
> Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012
>
> Thanks!
> -Chris
> <co-chair>
>
> On Fri, Apr 13, 2012 at 3:03 PM,  <internet-drafts@ietf.org> wrote:
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Secure Inter-Domain Routing
> Working Group of the IETF.
> >
> >        Title           : A Profile for BGPSEC Router Certificates,
> Certificate Revocation Lists, and Certification Requests
> >        Author(s)       : Mark Reynolds
> >                          Sean Turner
> >                          Steve Kent
> >        Filename        : draft-ietf-sidr-bgpsec-pki-profiles-03.txt
> >        Pages           : 11
> >        Date            : 2012-04-13
> >
> >   This document defines a standard profile for X.509 certificates for
> >   the purposes of supporting validation of Autonomous System (AS) paths
> >   in the Border Gateway Protocol (BGP), as part of an extension to that
> >   protocol known as BGPSEC.  BGP is a critical component for the proper
> >   operation of the Internet as a whole.  The BGPSEC protocol is under
> >   development as a component to address the requirement to provide
> >   security for the BGP protocol.  The goal of BGPSEC is to design a
> >   protocol for full AS path validation based on the use of strong
> >   cryptographic primitives.  The end-entity (EE) certificates specified
> >   by this profile are issued under Resource Public Key Infrastructure
> >   (RPKI) Certification Authority (CA) certificates, containing the AS
> >   Identifier Delegation extension, to routers within the Autonomous
> >   System (AS).  The certificate asserts that the router(s) holding the
> >   private key are authorized to send out secure route advertisements on
> >   behalf of the specified AS.  This document also profiles the
> >   Certificate Revocation List (CRL), profiles the format of
> >   certification requests, and specifies Relying Party certificate path
> >   validation procedures.  The document extends the RPKI; therefore,
> >   this documents updates the RPKI Resource Certificates Profile (RFC
> >   6487).
> >
> >
> > A URL for this Internet-Draft is:
> >
> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > This Internet-Draft can be retrieved at:
> >
> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
> >
> > _______________________________________________
> > sidr mailing list
> > sidr@ietf.org
> > https://www.ietf.org/mailman/listinfo/sidr
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>