Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-20.txt
Sean Turner <sean@sn3rd.com> Thu, 05 January 2017 01:03 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8287D1294B9 for <sidr@ietfa.amsl.com>; Wed, 4 Jan 2017 17:03:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t1N4l63qfddg for <sidr@ietfa.amsl.com>; Wed, 4 Jan 2017 17:03:48 -0800 (PST)
Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 267E01294B3 for <sidr@ietf.org>; Wed, 4 Jan 2017 17:03:48 -0800 (PST)
Received: by mail-qt0-x22a.google.com with SMTP id k15so267895691qtg.3 for <sidr@ietf.org>; Wed, 04 Jan 2017 17:03:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SIIjG1A7UvSNIusPLJqBilyA5e4Tym9oD7FEssJxJYI=; b=AEsTLtjOwoSi7oM4rjdUgg0aM3Bcn1PCoJarkYHvseWjzHIUj1yq8RRScgCGEE4B4I B8Xf1yuJKfMspEpNNyzE0p/Sse6t2SAwZqPmonYjES5tgrJ/GkY5Z5PL5w+I0VAa49R9 7JZiFeLzLdcQudyZX+CE4ANIwyfni2YSPh2zI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SIIjG1A7UvSNIusPLJqBilyA5e4Tym9oD7FEssJxJYI=; b=sXYiGV+qI4Woc8NTBwEztGHV8kTgNeslndHOvLkTmQu1/Qtw6/ABXT1PAGc0BLN2sW uUs1rULSjblHx0/Qgh4Ykt6q4Tn4gUJCOUOhXyt+wA28sKyZxl6u11ZQhMJqOBbS8PDo ZQ0lvwXddxT+QMLFXjqZvHmVvLQxNUeW1dnalbmaEwO9u9EyI50RVpc8XDp1CGStCqfu 3k228Wi9lEHNTKJTzUTmoUc+cilLe+ECu+8WA8/2+RmBoMsfivWZc3UxahJEYk7Eg4k6 CJKBzYbENH/q9yILEN0bvi06yvJLLuYkizXIu9cqMmgk9sg88Vw2ync+xQdc/+nVowgD bwmA==
X-Gm-Message-State: AIkVDXI/YkJmQ8wa2MRyIea+mBkZ05eqHxJpySAz8W0VuUQeo3pTtOwCpXd51aque9g/Vw==
X-Received: by 10.237.57.137 with SMTP id m9mr68743754qte.35.1483578227251; Wed, 04 Jan 2017 17:03:47 -0800 (PST)
Received: from [172.16.0.92] (pool-173-73-120-80.washdc.east.verizon.net. [173.73.120.80]) by smtp.gmail.com with ESMTPSA id q53sm47163139qtq.0.2017.01.04.17.03.45 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 04 Jan 2017 17:03:46 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <148357791404.12990.5226692464513021947.idtracker@ietfa.amsl.com>
Date: Wed, 04 Jan 2017 20:03:44 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <4DBE0920-F544-4646-92BC-44CCC2570968@sn3rd.com>
References: <148357791404.12990.5226692464513021947.idtracker@ietfa.amsl.com>
To: The IESG <iesg@ietf.org>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/cYXcMnSICF6TyhFEWh1EjuA0fus>
Cc: sidr wg list <sidr@ietf.org>
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-20.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2017 01:03:49 -0000
I believe this version addresses Stephen’s discuss points as well as the other comments I’ve picked up along the way (minus fighting with nroffedit to add references). spt > On Jan 4, 2017, at 19:58, internet-drafts@ietf.org wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Secure Inter-Domain Routing of the IETF. > > Title : A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests > Authors : Mark Reynolds > Sean Turner > Stephen Kent > Filename : draft-ietf-sidr-bgpsec-pki-profiles-20.txt > Pages : 12 > Date : 2017-01-04 > > Abstract: > This document defines a standard profile for X.509 certificates used > to enable validation of Autonomous System (AS) paths in the Border > Gateway Protocol (BGP), as part of an extension to that protocol > known as BGPsec. BGP is the standard for inter-domain routing in the > Internet; it is the "glue" that holds the Internet together. BGPsec > is being developed as one component of a solution that addresses the > requirement to provide security for BGP. The goal of BGPsec is to > provide full AS path validation based on the use of strong > cryptographic primitives. The end-entity (EE) certificates specified > by this profile are issued to routers within an Autonomous System. > Each of these certificates is issued under a Resource Public Key > Infrastructure (RPKI) Certification Authority (CA) certificate. > These CA certificates and EE certificates both contain the AS > Identifier Delegation extension. An EE certificate of this type > asserts that the router(s) holding the corresponding private key are > authorized to emit secure route advertisements on behalf of the > AS(es) specified in the certificate. This document also profiles the > format of certification requests, and specifies Relying Party (RP) > certificate path validation procedures for these EE certificates. > This document extends the RPKI; therefore, this documents updates the > RPKI Resource Certificates Profile (RFC 6487). > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-pki-profiles/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-20 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-pki-profiles-20 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
- [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-pro… internet-drafts
- Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki… Sean Turner