Re: [sidr] extensions in RFC6487 but not draft-ietf-sidr-bgpsec-pki-profiles-10
Sean Turner <turners@ieca.com> Fri, 12 June 2015 13:13 UTC
Return-Path: <turners@ieca.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 822601A9177 for <sidr@ietfa.amsl.com>; Fri, 12 Jun 2015 06:13:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level:
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cobsiQ8bMjjK for <sidr@ietfa.amsl.com>; Fri, 12 Jun 2015 06:13:03 -0700 (PDT)
Received: from gateway02.websitewelcome.com (gateway02.websitewelcome.com [69.93.126.20]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 627D21A9176 for <sidr@ietf.org>; Fri, 12 Jun 2015 06:13:03 -0700 (PDT)
Received: by gateway02.websitewelcome.com (Postfix, from userid 5007) id 7D38CABD0776C; Fri, 12 Jun 2015 08:13:02 -0500 (CDT)
Received: from gator3286.hostgator.com (gator3286.hostgator.com [198.57.247.250]) by gateway02.websitewelcome.com (Postfix) with ESMTP id 6A1BAABD076EB for <sidr@ietf.org>; Fri, 12 Jun 2015 08:13:02 -0500 (CDT)
Received: from [129.6.255.56] (port=54444) by gator3286.hostgator.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.82) (envelope-from <turners@ieca.com>) id 1Z3OlZ-0000yA-BU; Fri, 12 Jun 2015 08:13:01 -0500
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Sean Turner <turners@ieca.com>
In-Reply-To: <4b2380ceda4b1f1aea474cc982d29f61@mail.mandelberg.org>
Date: Fri, 12 Jun 2015 09:12:58 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <6FB4073A-3729-44A2-8632-3D5EAA6F0F2C@ieca.com>
References: <4b2380ceda4b1f1aea474cc982d29f61@mail.mandelberg.org>
To: David Mandelberg <david@mandelberg.org>
X-Mailer: Apple Mail (2.1878.6)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator3286.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source-IP: 129.6.255.56
X-Exim-ID: 1Z3OlZ-0000yA-BU
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([129.6.255.56]) [129.6.255.56]:54444
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 1
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IzMjg2Lmhvc3RnYXRvci5jb20=
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/MryXCA2p1BFQlbkKRcGkKivOO1U>
Cc: sidr@ietf.org
Subject: Re: [sidr] extensions in RFC6487 but not draft-ietf-sidr-bgpsec-pki-profiles-10
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jun 2015 13:13:04 -0000
Not seeing any objections I’ll go ahead and spin a new version over the weekend. spt On Jun 02, 2015, at 13:32, David Mandelberg <david@mandelberg.org> wrote: > Hi, > > There's some text in draft-ietf-sidr-bgpsec-pki-profiles-10 sections 3.1 and 3.1.3 that I found confusing. For reference, > > https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-10#section-3.1: > > This profile is also based on [RFC6487] and > only the differences between this profile and the profile in > [RFC6487] are listed. > > https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-10#section-3.1.3: > > The following X.509 V3 extensions MUST be present (or MUST be absent, > if so stated) in a conforming BGPSEC Router Certificate, except where > explicitly noted otherwise. No other extensions are allowed in a > conforming BGPSEC Router Certificate. > > I checked with the authors, and the intent was that "the following" refers to all extensions in RFC6487 and the updates to extensions in draft-ietf-sidr-bgpsec-pki-profiles-10. However, I initially read the text in 3.1.3 as forbidding all extensions not mentioned in draft-ietf-sidr-bgpsec-pki-profiles-10, including some useful ones like the SKI. > > I think it might be clearer to simply remove the entire first paragraph of section 3.1.3. RFC 6487 section 4.8 contains similar[0] text, and section 3.1 of the draft makes it clear that RFC 6487 section 4.8 applies. > > [0] But not the same. That issue should probably be handled by draft-rhansen-sidr-rfc6487bis though. > > -- > David Eric Mandelberg / dseomn > http://david.mandelberg.org/ > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr
- [sidr] extensions in RFC6487 but not draft-ietf-s… David Mandelberg
- Re: [sidr] extensions in RFC6487 but not draft-ie… Sean Turner