Re: [sidr] Key learning procedures in BGPsec?

[Eric Osterweil <eosterweil@verisign.com>]

Hey Sandy,

On Jan 17, 2012, at 8:20 PM, Murphy, Sandra wrote:

> About #1:
> 
> ROAs are used for origin validation.  (*) The bgpsec router needs only the prefix-AS binding in the ROA, not the crypto part, and only for the origin validation, not the signature attribute validation.  The rpki-rtr protocol is one way to communicate that binding.  

I think I recall from another recent thread that there was some contention over whether a router should just take it on faith that the bindings are legit or if it needs to verify them.  Since I don't recall that thread coming to consensus, rather than recreate that here, I'm happy to leave this to the other thread if people think that makes sense.

> 
> The bgpsec signature attribute validation does need the public keys that are used to validate the signatures.  (And the binding to an AS - see previous message.)  But it is the nature of the public part of a public/private key pair that security concerns are lower for communicating that part of the pair and exposure is no concern.

I think we may not be speaking to the same point.  If a router gets a private key installed on it (presumably one that has been vetted to sign for an AS/prefix binding), then how do we get that key installed securely?  If the router gets born with a key, how does an AS manage the lifetime of that key?  That is, how do you envision it gets rolled over to a new key, and how does that key get vetted and installed? Again, I may just be missing the relevant part of some draft, but I was not able to find this procedure concisely documented.

> 
> --Sandy
> 
> (*)(Years ago Geoff corrected me about calling ROAs "certs" and I've remembered the lesson. They're just signed objects, not certs.)

Point well taken, thanks. :)

Eric