Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
Matt Lepinski <mlepinski@bbn.com> Thu, 03 May 2012 18:20 UTC
I have read the -03 version of bgpsec profiles. I think the current version of the document is solid. But I don't think the protocol spec is quite stable enough to say "we aren't going to be making any changes to the bgpsec protocol that will require a change to the profiles document" ... but I hope the protocol spec will soon (several months) be that stable.

- Matt Lepinski

On 4/13/2012 5:26 PM, Brian Dickson wrote:
> While I think the document may be pretty solid currently, the meta-issue of the tail wagging the dog exists.
>
> I.e. There still exists the potential for additional requirements to surface, related to the design and implementation of the bgpsec protocol, which have the potential to "inform" additional requirements for the EE certs, and/or other (new) cert types.
>
> So, even if it passes WGLC intact, I'm of the opinion that it should be kept in the "hold" buffer, until the other work goes through more substantial development and review cycles.
>
> Brian
>
> On Fri, Apr 13, 2012 at 4:16 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
>
> > Hello WG peoples,
> > The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.
> >
> > Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012
> >
> > Thanks!
> > -Chris
> > <co-chair>
> >
> > On Fri, Apr 13, 2012 at 3:03 PM, <internet-drafts@ietf.org> wrote:
> > >
> > > A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.
> > >
> > >     Title     : A Profile for BGPSEC Router Certificates, Certificate Revocation Lists, and Certification Requests
> > >     Author(s) : Mark Reynolds
> > >                 Sean Turner
> > >                 Steve Kent
> > >     Filename  : draft-ietf-sidr-bgpsec-pki-profiles-03.txt
> > >     Pages     : 11
> > >     Date      : 2012-04-13
> > >
> > > This document defines a standard profile for X.509 certificates for the purposes of supporting validation of Autonomous System (AS) paths in the Border Gateway Protocol (BGP), as part of an extension to that protocol known as BGPSEC. BGP is a critical component for the proper operation of the Internet as a whole. The BGPSEC protocol is under development as a component to address the requirement to provide security for the BGP protocol. The goal of BGPSEC is to design a protocol for full AS path validation based on the use of strong cryptographic primitives. The end-entity (EE) certificates specified by this profile are issued under Resource Public Key Infrastructure (RPKI) Certification Authority (CA) certificates, containing the AS Identifier Delegation extension, to routers within the Autonomous System (AS). The certificate asserts that the router(s) holding the private key are authorized to send out secure route advertisements on behalf of the specified AS. This document also profiles the Certificate Revocation List (CRL), profiles the format of certification requests, and specifies Relying Party certificate path validation procedures. The document extends the RPKI; therefore, this document updates the RPKI Resource Certificates Profile (RFC 6487).
> > >
> > > A URL for this Internet-Draft is:
> > > http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
> > >
> > > Internet-Drafts are also available by anonymous FTP at:
> > > ftp://ftp.ietf.org/internet-drafts/
> > >
> > > This Internet-Draft can be retrieved at:
> > > ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
> > >
> > > _______________________________________________
> > > sidr mailing list
> > > sidr@ietf.org
> > > https://www.ietf.org/mailman/listinfo/sidr