Re: [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-pki-algs

"Borchert, Oliver (Fed)" <oliver.borchert@nist.gov> Thu, 12 January 2017 15:25 UTC

From: "Borchert, Oliver (Fed)" <oliver.borchert@nist.gov>
To: Randy Bush <randy@psg.com>
Date: Thu, 12 Jan 2017 15:25:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/kulMK5qfOdM20vlSrxwqdQj_U5g>
Cc: sidr list <sidr@ietf.org>
Subject: Re: [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-pki-algs

I went ahead and updated the life span of the certificates in the example.
Attached please find the updated version with a certificate validity of 365 days.

Oliver


On 1/12/17, 10:08 AM, "sidr on behalf of Borchert, Oliver (Fed)" <sidr-bounces@ietf.org on behalf of oliver.borchert@nist.gov> wrote:

    Hi Randy,
    
    The intention from my side to have the “200+ years” was based on my private dislike of seeing an example one could actually use in X years where X > now() and the certificate would be expired.
    That said, this is my personal preference, but I get your point. This most likely would set a bad example for others that might start issuing certificates with “infinite” life spans.
    
    In this regard, what about a Validity of 365 days within the example? This seems feasible to me.
    
    Oliver
    
    On 1/12/17, 8:47 AM, "Randy Bush" <randy@psg.com> wrote:
    
        >         Validity
        >             Not Before: Jan 10 19:55:44 2017 GMT
        >             Not After : Oct 25 19:55:44 2290 GMT
        
        ok, i blew it and gave no guidance in bgpsec-ops.  i guess this doc
        would be as good a place as any.
        
        of course that leaves open what lifetime to recommend.  we're not gonna
        do ocsp, but rather withdraw from the rpki.  so to keep from making too
        much bgp noise, let me toss out O(year) to start the discussion.
        
        i am still staring at the bgpsec message
        
        randy
        
    