Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

Jakob Heitz <jakob.heitz@ericsson.com> Sat, 05 May 2012 03:02 UTC

From: Jakob Heitz <jakob.heitz@ericsson.com>
To: Christopher Morrow <morrowc.lists@gmail.com>, "Osterweil, Eric" <eosterweil@verisign.com>
Date: Fri, 04 May 2012 23:01:59 -0400
Thread-Topic: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))
Message-ID: <7309FCBCAE981B43ABBE69B31C8D213921BE2860C3@EUSAACMS0701.eamcs.ericsson.se>
References: <4FA48240.9060405@ops-netman.net> <CE0C4A314044C843AEE900875D90D54E10847F@BRN1WNEXMBX01.vcorp.ad.vrsn.com> <CAL9jLaZMkT-F5x5LAsjDhXsNnbG9akLhEotwT-eC=-6yX0J0kw@mail.gmail.com>
In-Reply-To: <CAL9jLaZMkT-F5x5LAsjDhXsNnbG9akLhEotwT-eC=-6yX0J0kw@mail.gmail.com>
Cc: "morrowc@ops-netman.net" <morrowc@ops-netman.net>, "Sandra.Murphy@sparta.com" <Sandra.Murphy@sparta.com>, "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>, "sidr-ads@tools.ietf.org" <sidr-ads@tools.ietf.org>
Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

Might it be possible to create the key pair on the router?
Then you don't have to move the private key to the router;
you move the public key off the router. Much easier.

-- 
Jakob Heitz.

On Friday, May 04, 2012 6:54 PM, Christopher Morrow <> wrote:

> On Fri, May 4, 2012 at 9:37 PM, Osterweil, Eric
> <eosterweil@verisign.com> wrote: 
>> Hey Chris,
>> 
>> Yeah, I read that. I know there's a tendency for some people to want
>> to talk about bath houses on this list, but I was going to pass on
>> that.  
>> 
>> As for draft-ymbk-bgpsec-rtr-rekeying-00.txt, that draft just points
>> out the inadequacies of either approach and that there is no good
>> solution. My take is that this is indicative of a misalignment
>> between a given architecture and implicit requirements. Sometimes
>> you can't patch the holes in a leaky ship, you need to reassess the
>> requirements. I think the evidence illustrates that this is the case
>> here.      
>> 
> 
> it seems to me that putting key-material on a distant router is done
> today... isn't it? or are you saying that how you do it today leaves
> you feeling icky, and you'd rather another method be devised?
> 
> Could you outline a possible method? (provide a solution, for
> instance) 
> 
>> Eric
>> 
>> 
>> ----- Original Message -----
>> From: Chris Morrow [mailto:morrowc@ops-netman.net]
>> Sent: Friday, May 04, 2012 09:28 PM
>> To: Osterweil, Eric
>> Cc: 'Sandra.Murphy@sparta.com' <Sandra.Murphy@sparta.com>;
>> 'danny@tcb.net' <danny@tcb.net>; 'morrowc.lists@gmail.com'
>> <morrowc.lists@gmail.com>; 'sidr@ietf.org' <sidr@ietf.org>;
>> 'sidr-chairs@tools.ietf.org' <sidr-chairs@tools.ietf.org>;
>> 'sidr-ads@tools.ietf.org' <sidr-ads@tools.ietf.org>    
>> Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting
>> Draft Agenda: 04-30-2012 (April 30, 2012))) 
>> 
>> 
>> 
>> On 05/04/2012 08:59 PM, Osterweil, Eric wrote:
>> 
>>> His point is NOT addressed by any draft in the wg (since you asked).
>> 
>> read randy's mentioned draft?
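The exchange Jakob proposes, written out as an added example (not code from this thread or from any BGPsec implementation): the router generates an ECDSA P-256 key pair locally (the curve the BGPsec algorithm profile specifies) and emits only a PKCS#10 certificate request carrying the public key; the operator or CA side checks the request's self-signature as proof of possession and extracts the public key. The private key never crosses the wire. The router name, the Router/OperatorReceive/Enroll names and the tamper check are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// Router models the box: it holds the key pair it generated itself.
// Only the public half ever leaves it, inside a PKCS#10 request.
type Router struct {
	priv *ecdsa.PrivateKey
}

// NewRouter generates an ECDSA P-256 key pair on the router.
func NewRouter() (*Router, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Router{priv: priv}, nil
}

// CertificateRequest builds a PKCS#10 request signed with the router's own
// key. The request carries the public key and a proof-of-possession
// signature, nothing that reveals the private key. routerName is a
// hypothetical identifier used as the subject CN.
func (r *Router) CertificateRequest(routerName string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: routerName}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, r.priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// OperatorReceive is the operator/CA side: parse the PEM request, verify the
// self-signature (proof that the sender holds the matching private key), and
// return the router's public key, insisting on ECDSA P-256.
func OperatorReceive(csrPEM []byte) (*ecdsa.PublicKey, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, fmt.Errorf("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() {
		return nil, fmt.Errorf("router key is not ECDSA P-256")
	}
	return pub, nil
}

// Enroll runs the whole exchange and reports whether the public key the
// operator extracted is the one the router generated.
func Enroll(routerName string) (bool, error) {
	r, err := NewRouter()
	if err != nil {
		return false, err
	}
	csr, err := r.CertificateRequest(routerName)
	if err != nil {
		return false, err
	}
	pub, err := OperatorReceive(csr)
	if err != nil {
		return false, err
	}
	return pub.Equal(&r.priv.PublicKey), nil
}

// TamperedRequestIsRejected flips the last DER byte of a fresh request (part
// of the signature) and reports whether the operator side refuses it.
func TamperedRequestIsRejected(routerName string) (bool, error) {
	r, err := NewRouter()
	if err != nil {
		return false, err
	}
	csr, err := r.CertificateRequest(routerName)
	if err != nil {
		return false, err
	}
	block, _ := pem.Decode(csr)
	block.Bytes[len(block.Bytes)-1] ^= 0x01
	_, err = OperatorReceive(pem.EncodeToMemory(block))
	return err != nil, nil
}

func main() {
	ok, err := Enroll("rtr1.example.net")
	if err != nil {
		panic(err)
	}
	fmt.Println("operator holds the router's public key:", ok)
}
```

The operator side never needs a secure channel for the request itself; what it needs is a way to bind the request to the right router (out-of-band fingerprint check or an existing management session), since the proof-of-possession signature only shows that someone holds the private key, not who.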