Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

"Osterweil, Eric" <eosterweil@verisign.com> Sat, 05 May 2012 02:06 UTC

From: "Osterweil, Eric" <eosterweil@verisign.com>
To: "'morrowc.lists@gmail.com'" <morrowc.lists@gmail.com>
Date: Sat, 05 May 2012 02:06:42 +0000
Message-ID: <CE0C4A314044C843AEE900875D90D54E1084BB@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
In-Reply-To: <CAL9jLaZMkT-F5x5LAsjDhXsNnbG9akLhEotwT-eC=-6yX0J0kw@mail.gmail.com>
Cc: "'sidr-chairs@tools.ietf.org'" <sidr-chairs@tools.ietf.org>, "'Sandra.Murphy@sparta.com'" <Sandra.Murphy@sparta.com>, "'sidr-ads@tools.ietf.org'" <sidr-ads@tools.ietf.org>, "'morrowc@ops-netman.net'" <morrowc@ops-netman.net>, "'sidr@ietf.org'" <sidr@ietf.org>
Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

Hey Chris,

The implications of putting signatures on updates that are both globally visible/verifiable and implicitly give object-level security to updates is WAY different than the semantics of the keying done today.  The implications of the scope of these keys put them in a much different role.  I was assuming that was clear, but maybe not?

Eric


----- Original Message -----
From: Christopher Morrow [mailto:morrowc.lists@gmail.com]
Sent: Friday, May 04, 2012 09:54 PM
To: Osterweil, Eric
Cc: morrowc@ops-netman.net <morrowc@ops-netman.net>; Sandra.Murphy@sparta.com <Sandra.Murphy@sparta.com>; danny@tcb.net <danny@tcb.net>; sidr@ietf.org <sidr@ietf.org>; sidr-chairs@tools.ietf.org <sidr-chairs@tools.ietf.org>; sidr-ads@tools.ietf.org <sidr-ads@tools.ietf.org>
Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

On Fri, May 4, 2012 at 9:37 PM, Osterweil, Eric <eosterweil@verisign.com> wrote:
> Hey Chris,
>
> Yeah, I read that. I know there's a tendency for some people to want to talk about bath houses on this list, but I was going to pass on that.
>
> As for draft-ymbk-bgpsec-rtr-rekeying-00.txt, that draft just points out the inadequacies of either approach and that there is no good solution. My take is that this is indicative of a misalignment between a given architecture and implicit requirements. Sometimes you can't patch the holes in a leaky ship, you need to reassess the requirements. I think the evidence illustrates that this is the case here.
>

it seems to me that putting key-material on a distant router is done
today... isn't it? or are you saying that how you do it today leaves
you feeling icky, and you'd rather another method be devised?

Could you outline a possible method? (provide a solution, for instance)

> Eric
>
>
> ----- Original Message -----
> From: Chris Morrow [mailto:morrowc@ops-netman.net]
> Sent: Friday, May 04, 2012 09:28 PM
> To: Osterweil, Eric
> Cc: 'Sandra.Murphy@sparta.com' <Sandra.Murphy@sparta.com>; 'danny@tcb.net' <danny@tcb.net>; 'morrowc.lists@gmail.com' <morrowc.lists@gmail.com>; 'sidr@ietf.org' <sidr@ietf.org>; 'sidr-chairs@tools.ietf.org' <sidr-chairs@tools.ietf.org>; 'sidr-ads@tools.ietf.org' <sidr-ads@tools.ietf.org>
> Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))
>
>
>
> On 05/04/2012 08:59 PM, Osterweil, Eric wrote:
>
>> His point is NOT addressed by any draft in the wg (since you asked).
>
> read randy's mentioned draft?
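As an added illustration of the distinction Eric draws between today's session keying and per-update signatures (example code written for this page, not from the thread or from any BGPsec implementation), the Go program below contrasts a peer-shared HMAC with an ECDSA P-256 signature over a constructed update; the AS numbers, prefix and secret are placeholders, and the "rekey" step shows why rotating a router key invalidates every update it signed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed stand-in for the bytes a BGPsec router signs over an update.
// Real BGPsec covers the Secure_Path segments and NLRI; this is a toy encoding.
var sampleUpdate = []byte("AS64500 -> AS64501 prefix 192.0.2.0/24")

// Today's session-level keying (a secret shared between two peers): the tag is
// checkable only by a holder of that secret and proves nothing to anyone else.
func sessionMAC(sharedSecret, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedSecret)
	m.Write(msg)
	return m.Sum(nil)
}

func checkSessionMAC(sharedSecret, msg, tag []byte) bool {
	return hmac.Equal(sessionMAC(sharedSecret, msg), tag)
}

// Per-update object security (BGPsec uses ECDSA P-256 over SHA-256): anyone
// holding the router's public key, normally learned via the RPKI, can verify.
func newRouterKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func signUpdate(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

func verifyUpdate(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	secret := []byte("constructed-peer-secret")
	tag := sessionMAC(secret, sampleUpdate)
	fmt.Println("peer accepts MAC:", checkSessionMAC(secret, sampleUpdate, tag))
	oldKey, _ := newRouterKey()
	sig, _ := signUpdate(oldKey, sampleUpdate)
	fmt.Println("anyone with pub verifies:", verifyUpdate(&oldKey.PublicKey, sampleUpdate, sig))
	newKey, _ := newRouterKey() // rekey: updates signed under oldKey now fail
	fmt.Println("old signature under new key:", verifyUpdate(&newKey.PublicKey, sampleUpdate, sig))
}
```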