[sidr] Template for RPKI signed objects and revised ROA format
Matt Lepinski <mlepinski@bbn.com> Fri, 20 August 2010 18:52 UTC
A significant portion of the SIDR ROA-Format draft is spent specifying the ASN.1 syntax for the CMS encapsulation of the ROA object. (Note also that the SIDR manifest document also includes this ASN.1 syntax for an identical CMS encapsulation.) It was suggested to the authors of the ROA Format draft that the specification of any future RPKI signed objects would be made much simpler if we split the specification of the CMS encapsulation (which pertains to all RPKI signed objects) off from the stuff that is ROA-specific.

Therefore, we have produced the two attached drafts for your consideration:

draft-achi-rpki-signed-object is a generic template designed to simplify the specification of RPKI signed objects. Note that to instantiate the template and create a new type of RPKI signed object all you have to do is:

1. Get an OID to identify the ContentType for the new type of signed object
2. Specify the ASN.1 syntax for the content of the new type of signed object
3. Specify any additional steps that are required for validating the new type of signed object (beyond the standard steps required for all RPKI signed objects which are specified in the rpki-signed-object draft)

draft-ietf-sidr-roa-format is a much shorter version of the roa-format draft which makes use of the generic signed object template and thus only specifies the ROA-specific stuff (that is, the three things I noted above).

Note that breaking up the ROA-format document in this fashion in no way changes the syntax or semantics of a ROA (i.e., nothing has changed besides the manner of documentation).

Please take a look at these documents and let us know if this is a good way forward. (If it is a good way forward we can easily change [i.e., shorten] the manifest document to use this signed-object template as well.)

- Matt Lepinski