Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-18.txt

Sean Turner <sean@sn3rd.com> Thu, 21 July 2016 08:51 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D04912DC16 for <sidr@ietfa.amsl.com>; Thu, 21 Jul 2016 01:51:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pvhfyB2mJ4RK for <sidr@ietfa.amsl.com>; Thu, 21 Jul 2016 01:51:29 -0700 (PDT)
Received: from mail-qt0-x235.google.com (mail-qt0-x235.google.com [IPv6:2607:f8b0:400d:c0d::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6905D12DB53 for <sidr@ietf.org>; Thu, 21 Jul 2016 01:51:29 -0700 (PDT)
Received: by mail-qt0-x235.google.com with SMTP id w38so40246132qtb.0 for <sidr@ietf.org>; Thu, 21 Jul 2016 01:51:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=8elcT+nXYQ3rdCSMi5yvtdikJaXCFtkxL5yo4t6Okfg=; b=i6g1yjrk4F2YMbmRQTXN4WIqIFx3R5axtiPPwgfZ5tmZgifkE9QkZJFHUHP5dzrzHz oiFFaZITGPEgSt//QVgZNsib+rWQDehk8ebFH9t/kdSl9WFswF3zqx/ec3pjfq7be5Hu hxUkrbtWXUCmjoeGd2iFlbLmbb/FSdO/JT1GQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=8elcT+nXYQ3rdCSMi5yvtdikJaXCFtkxL5yo4t6Okfg=; b=dZANNUP3yhXvyOkQQX+XA9T2VR3yoMVsjQ6oDercf73TBTzn1X2ALf64JqM84hPisn QMCN9yMSBsubysPh3lM+KMRMC/kN+048/UFATh4DHiDflNJk5JW7/3pQseiU9wnwup8d ydUqSDKb0hedr+RhkzZOtDMmXayxslcUOZ/Xm/H25qfUePB6IUjhNsviBWObKvZFxjgQ F1Zh++pTnFo7cMqiEctD3C2PFRsWl0bwBSZI5Nb2+tdTHlJ9pTDKfRFG6+D+NfCpADjh Bi2MN2ALNaWlK44p1qgzsLxYDeQGbacH3B4jnNeTJSxJmY/xe0jUPRgkvb0WxDfnWLiR rxCg==
X-Gm-Message-State: ALyK8tJFlPbmBTzIhu2sr3rV3Wa58qviVA0Z9RPpZUTnSkBk1h//v2AFp8lsELKcJrvu4A==
X-Received: by 10.237.35.76 with SMTP id i12mr41623914qtc.41.1469091088416; Thu, 21 Jul 2016 01:51:28 -0700 (PDT)
Received: from [172.16.0.112] ([96.231.230.69]) by smtp.gmail.com with ESMTPSA id j7sm3735670qkf.11.2016.07.21.01.51.26 for <sidr@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 21 Jul 2016 01:51:27 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20160721084939.4433.46916.idtracker@ietfa.amsl.com>
Date: Thu, 21 Jul 2016 04:51:23 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <F5DC00E5-C60A-4A1A-9CD6-712D3A2C4A37@sn3rd.com>
References: <20160721084939.4433.46916.idtracker@ietfa.amsl.com>
To: sidr <sidr@ietf.org>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/L5Fe6lP6vQpomPKQb1GbkSMNpVs>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-18.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2016 08:51:32 -0000

Changes as a result of discussions inspired by the validation reconsidered draft.

spt

> On Jul 21, 2016, at 04:49, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Secure Inter-Domain Routing of the IETF.
> 
>        Title           : A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests
>        Authors         : Mark Reynolds
>                          Sean Turner
>                          Stephen Kent
> 	Filename        : draft-ietf-sidr-bgpsec-pki-profiles-18.txt
> 	Pages           : 13
> 	Date            : 2016-07-21
> 
> Abstract:
>   This document defines a standard profile for X.509 certificates used
>   to enable validation of Autonomous System (AS) paths in the Border
>   Gateway Protocol (BGP), as part of an extension to that protocol
>   known as BGPsec.  BGP is the standard for inter-domain routing in the
>   Internet; it is the "glue" that holds the Internet together. BGPsec
>   is being developed as one component of a solution that addresses the
>   requirement to provide security for BGP.  The goal of BGPsec is to
>   provide full AS path validation based on the use of strong
>   cryptographic primitives.  The end-entity (EE) certificates specified
>   by this profile are issued (to routers within an Autonomous System).
>   Each of these certificates is issued under a Resource Public Key
>   Infrastructure (RPKI) Certification Authority (CA) certificate.
>   These CA certificates and EE certificates both contain the AS
>   Identifier Delegation extension.  An EE certificate of this type
>   asserts that the router(s) holding the corresponding private key are
>   authorized to emit secure route advertisements on behalf of the
>   AS(es) specified in the certificate.  This document also profiles the
>   format of certification requests, and specifies Relying Party (RP)
>   certificate path validation procedures for these EE certificates.
>   This document extends the RPKI; therefore, this documents updates the
>   RPKI Resource Certificates Profile (RFC 6487).
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-pki-profiles/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-18
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-pki-profiles-18
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr