IETF Logo Mail Archive

Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

Chris Morrow <morrowc@ops-netman.net> Sat, 05 May 2012 02:18 UTC

Return-Path: <morrowc@ops-netman.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57C1121E802B for <sidr@ietfa.amsl.com>; Fri, 4 May 2012 19:18:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.524
X-Spam-Level:
X-Spam-Status: No, score=-2.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WhD7JpehYGzS for <sidr@ietfa.amsl.com>; Fri, 4 May 2012 19:18:44 -0700 (PDT)
Received: from mailserver.ops-netman.net (mailserver.ops-netman.net [IPv6:2001:470:e495:fade:5054:ff:fe79:69db]) by ietfa.amsl.com (Postfix) with ESMTP id AFB5021E8020 for <sidr@ietf.org>; Fri, 4 May 2012 19:18:44 -0700 (PDT)
Received: from [192.168.1.125] (c-98-204-226-233.hsd1.va.comcast.net [98.204.226.233]) (Authenticated sender: morrowc@OPS-NETMAN.NET) by mailserver.ops-netman.net (Postfix) with ESMTPSA id 68516320270; Sat, 5 May 2012 02:18:40 +0000 (UTC)
Message-ID: <4FA48DFF.4060604@ops-netman.net>
Date: Fri, 04 May 2012 22:18:39 -0400
From: Chris Morrow <morrowc@ops-netman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120410 Thunderbird/11.0.1
MIME-Version: 1.0
To: "Osterweil, Eric" <eosterweil@verisign.com>
References: <CE0C4A314044C843AEE900875D90D54E1084BB@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
In-Reply-To: <CE0C4A314044C843AEE900875D90D54E1084BB@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "'sidr-chairs@tools.ietf.org'" <sidr-chairs@tools.ietf.org>, "'Sandra.Murphy@sparta.com'" <Sandra.Murphy@sparta.com>, "'sidr-ads@tools.ietf.org'" <sidr-ads@tools.ietf.org>, "'sidr@ietf.org'" <sidr@ietf.org>
Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 May 2012 02:18:45 -0000

On 05/04/2012 10:06 PM, Osterweil, Eric wrote:
> Hey Chris,
>
> The implications of putting signatures on updates that are both
> globally visible/verifiable and implicitly give object-level security
> to updates is WAY different than the semantics of the keying done
> today.  The implications of the scope of these keys puts them in a
> much different role.  I was assuming that was clear, but maybe not?

I think we're talking about 2 different (at least) things...

> Eric
>
>
> ----- Original Message ----- From: Christopher Morrow
> [mailto:morrowc.lists@gmail.com] Sent: Friday, May 04, 2012 09:54 PM
> To: Osterweil, Eric Cc:
> morrowc@ops-netman.net<morrowc@ops-netman.net>;
> Sandra.Murphy@sparta.com<Sandra.Murphy@sparta.com>;
> danny@tcb.net<danny@tcb.net>; sidr@ietf.org<sidr@ietf.org>;
> sidr-chairs@tools.ietf.org<sidr-chairs@tools.ietf.org>;
> sidr-ads@tools.ietf.org<sidr-ads@tools.ietf.org> Subject: Re: [sidr]
> RPKI and private keys (was RE: Interim Meeting Draft Agenda:
> 04-30-2012 (April 30, 2012)))
>
> On Fri, May 4, 2012 at 9:37 PM, Osterweil,
> Eric<eosterweil@verisign.com>  wrote:
>> Hey Chris,
>>
>> Yeah, I read that. I know there's a tendency for some people to
>> want to talk about bath houses on this list, but I was going to
>> pass on that.
>>
>> As for draft-ymbk-bgpsec-rtr-rekeying-00.txt, that draft just
>> points out the inadequacies of either approach and that there is no
>> good solution. My take is that this is indicative of a misalignment
>> between a given architecture and implicit requirements. Sometimes
>> you can't patch the holes in a leaky ship, you need to reassess the
>> requirements. I think the evidence illustrates that this is the
>> case here.
>>
>
> it seems to me that putting key-material on a distant router is done
> today... isn't it? or are you saying that how you do it today leaves
> you feeling icky, and you'd rather another method be devised?
>
> Could you outline a possible method? (provide a solution, for
> instance)
>
>> Eric
>>
>>
>> ----- Original Message ----- From: Chris Morrow
>> [mailto:morrowc@ops-netman.net] Sent: Friday, May 04, 2012 09:28
>> PM To: Osterweil, Eric Cc:
>> 'Sandra.Murphy@sparta.com'<Sandra.Murphy@sparta.com>;
>> 'danny@tcb.net'<danny@tcb.net>;
>> 'morrowc.lists@gmail.com'<morrowc.lists@gmail.com>;
>> 'sidr@ietf.org'<sidr@ietf.org>;
>> 'sidr-chairs@tools.ietf.org'<sidr-chairs@tools.ietf.org>;
>> 'sidr-ads@tools.ietf.org'<sidr-ads@tools.ietf.org> Subject: Re:
>> [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda:
>> 04-30-2012 (April 30, 2012)))
>>
>>
>>
>> On 05/04/2012 08:59 PM, Osterweil, Eric wrote:
>>
>>> His point is NOT addressed by any draft in the wg (since you
>>> asked).
>>
>> read randy's mentioned draft?

v2.23.0 | Report a Bug | By Email