Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt

t.petch <ietfc@btconnect.com> Fri, 13 April 2012 11:35 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DE6921F8763; Fri, 13 Apr 2012 04:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5vFTqaSaZ8TZ; Fri, 13 Apr 2012 04:35:36 -0700 (PDT)
Received: from db3outboundpool.messaging.microsoft.com (db3ehsobe002.messaging.microsoft.com [213.199.154.140]) by ietfa.amsl.com (Postfix) with ESMTP id 6243F21F875C; Fri, 13 Apr 2012 04:35:35 -0700 (PDT)
Received: from mail85-db3-R.bigfish.com (10.3.81.235) by DB3EHSOBE003.bigfish.com (10.3.84.23) with Microsoft SMTP Server id 14.1.225.23; Fri, 13 Apr 2012 11:35:34 +0000
Received: from mail85-db3 (localhost [127.0.0.1]) by mail85-db3-R.bigfish.com (Postfix) with ESMTP id 89B2A2607CD; Fri, 13 Apr 2012 11:35:34 +0000 (UTC)
X-SpamScore: -32
X-BigFish: PS-32(zz9371I936eK542M1432N98dK7605jzz1202hzz1033IL8275bh8275dhz2dh2a8h5a9h668h839hd24h304l)
X-Forefront-Antispam-Report: CIP:157.55.224.141; KIP:(null); UIP:(null); IPV:NLI; H:DB3PRD0702HT009.eurprd07.prod.outlook.com; RD:none; EFVD:NLI
Received: from mail85-db3 (localhost.localdomain [127.0.0.1]) by mail85-db3 (MessageSwitch) id 1334316933109976_4110; Fri, 13 Apr 2012 11:35:33 +0000 (UTC)
Received: from DB3EHSMHS012.bigfish.com (unknown [10.3.81.245]) by mail85-db3.bigfish.com (Postfix) with ESMTP id 0C98E3C004A; Fri, 13 Apr 2012 11:35:33 +0000 (UTC)
Received: from DB3PRD0702HT009.eurprd07.prod.outlook.com (157.55.224.141) by DB3EHSMHS012.bigfish.com (10.3.87.112) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 13 Apr 2012 11:35:32 +0000
Received: from AMSPRD0104HT027.eurprd01.prod.exchangelabs.com (157.55.11.7) by pod51017.outlook.com (10.3.4.174) with Microsoft SMTP Server (TLS) id 14.15.57.1; Fri, 13 Apr 2012 11:35:31 +0000
Message-ID: <014e01cd1960$f007a4c0$4001a8c0@gateway.2wire.net>
From: "t.petch" <ietfc@btconnect.com>
To: Christopher Morrow <morrowc.lists@gmail.com>, sidr@ietf.org, sidr-chairs@ietf.org, Sean Turner <turners@ieca.com>
References: <20111205182057.9350.73900.idtracker@ietfa.amsl.com> <CAL9jLaYXtePEJ1FyhxkKuRwFBiLPRN8pqT2va97-YG15Fqznvw@mail.gmail.com>
Date: Fri, 13 Apr 2012 12:33:46 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [157.55.11.7]
X-OriginatorOrg: btconnect.com
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2012 11:35:37 -0000

----- Original Message -----
From: "Christopher Morrow" <morrowc.lists@gmail.com>
To: <sidr@ietf.org>; <sidr-chairs@ietf.org>; "Sean Turner" <turners@ieca.com>;
"t.petch" <ietfc@btconnect.com>
Sent: Wednesday, March 28, 2012 2:33 PM
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt


Sean/Tom,
Tom had some comments on the previous (I believe) version of this
draft, are they addressed to your satisfaction Tom?

<tp>
Not really; it still says

"    o BGPSEC Router Certificates MUST include the BGPSEC EKU defined in
      Section 3.9.5."
but the I-D has no section 3.9.5 so it is unclear what is meant.

And I [still] find it hard to parse
' The validation procedure used for BGPSEC Router Certificates is
   identical to the validation procedure described in Section 7 of
   [RFC6487] except that where "this specification" refers to [RFC6487]
   in that profile in this profile "this specification" is this
   document.'
{a bit like those brain teasers where a single sentence has 13 consecutive
'and's but lacks punctuation}

Tom Petch
</tp>


Sean, if Tom's ok with the changes, should we move this along?

-Chris
<cochair>

On Mon, Dec 5, 2011 at 1:20 PM,  <internet-drafts@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the Secure Inter-Domain Routing
Working Group of the IETF.
>
> Title : A Profile for BGPSEC Router Certificates, Certificate Revocation
Lists, and Certification Requests
> Author(s) : Mark Reynolds
> Sean Turner
> Steve Kent
> Filename : draft-ietf-sidr-bgpsec-pki-profiles-01.txt
> Pages : 11
> Date : 2011-12-05
>
> This document defines a standard profile for X.509 certificates for
> the purposes of supporting validation of Autonomous System (AS) paths
> in the Border Gateway Protocol (BGP), as part of an extension to that
> protocol known as BGPSEC. BGP is a critical component for the proper
> operation of the Internet as a whole. The BGPSEC protocol is under
> development as a component to address the requirement to provide
> security for the BGP protocol. The goal of BGPSEC is to design a
> protocol for full AS path validation based on the use of strong
> cryptographic primitives. The end-entity (EE) certificates specified
> by this profile are issued under Resource Public Key Infrastructure
> (RPKI) Certification Authority (CA) certificates, containing the AS
> Identifier Delegation extension, to routers within the Autonomous
> System (AS). The certificate asserts that the router(s) holding the
> private key are authorized to send out secure route advertisements on
> behalf of the specified AS. This document also profiles the
> Certificate Revocation List (CRL), profiles the format of
> certification requests, and specifies Relying Party certificate path
> validation procedures. The document extends the RPKI; therefore,
> this documents updates the RPKI Resource Certificates Profile (draft-
> ietf-sidr-res-cert-profile).
>
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-01.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> This Internet-Draft can be retrieved at:
> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-01.txt
>
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr