Re: [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-pki-algs

Sean Turner <sean@sn3rd.com> Mon, 27 February 2017 14:33 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BE5712A039 for <sidr@ietfa.amsl.com>; Mon, 27 Feb 2017 06:33:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l2guqn3dQTnR for <sidr@ietfa.amsl.com>; Mon, 27 Feb 2017 06:33:01 -0800 (PST)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 485E612A022 for <sidr@ietf.org>; Mon, 27 Feb 2017 06:33:01 -0800 (PST)
Received: by mail-qk0-x22d.google.com with SMTP id n127so99327741qkf.0 for <sidr@ietf.org>; Mon, 27 Feb 2017 06:33:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=oH+SCfYvBDI3VPGHkJfoX8BSVYSkh13odr1iO+AaM2k=; b=NL2o9BOHkaxGmpCH70X0o3wgzpUvOtiEL2YCwuVq9kVpkjatBjIrnxeeCLJCa0XzCf z9BL1Y26DAZr25eOzPpYhTVTn36w6Js5auan7N438obCZLltE8S9HykoX7dURnqf53yQ 4uNavdAacRgr3hfE93Pg61QttXaG7runi3kOE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=oH+SCfYvBDI3VPGHkJfoX8BSVYSkh13odr1iO+AaM2k=; b=thHJgZ5O/QtD8czc4e+IfO4rqSgu94upCCjuOymYTT0/JMz0v09UiKx+XhZqQs+oz3 PEc+Jj6G9HnKvzWpRBoTZRoLTYZ5+QxPpK9uli4o0yNmJsZk114X6+wUn/6hjMCAa0sh V6kj6VmvHCsTVDhU7+X39R4+ADNHRsfcIT6U+YGL0HVXkFSK7OjbnCrSvylxtzaerlvW hfaYpsf4fEIfiVGVGbbfn3IC6O4nvwQIKeY43n/7ULV1FvtVW2dEA+gpjkI7ZrG23EBW gFAM6NMLgYcaUFEOYLdtax35zJTRZjXQEm75YVp541GPvKl1G5yFpndgQUKt5EyB9yvd sEZA==
X-Gm-Message-State: AMke39mXZMVhMdK15sVQJwyYXOPEgNJV6Ve9/vDAdwbuoYUYRfMDBkpZ9hnwJt9X0kv37w==
X-Received: by 10.200.3.74 with SMTP id w10mr16989840qtg.73.1488205979479; Mon, 27 Feb 2017 06:32:59 -0800 (PST)
Received: from [172.16.0.18] ([96.231.229.68]) by smtp.gmail.com with ESMTPSA id f126sm10499922qkc.47.2017.02.27.06.32.58 for <sidr@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 Feb 2017 06:32:58 -0800 (PST)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Mon, 27 Feb 2017 09:32:57 -0500
References: <06FD4D79-FBDD-44E0-9CF2-4B7A039A06A9@nist.gov> <845A415C-D469-4899-B7B0-0DAF728D667F@nist.gov>
To: sidr list <sidr@ietf.org>
In-Reply-To: <845A415C-D469-4899-B7B0-0DAF728D667F@nist.gov>
Message-Id: <3AD0CCE2-930A-4A8A-90CD-F93F6275FA12@sn3rd.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/n2C17dP2zSDr3squOWJzmIIg0Ow>
Subject: Re: [sidr] IPv4 examples for draft-ietf-sidr-bgpsec-pki-algs
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2017 14:33:03 -0000

 Unless there’s any comments, Wednesday I’ll cut these into the draft-ietf-sidr-bgpsec-pki-algs draft.

spt

> On Feb 21, 2017, at 10:13 AM, Borchert, Oliver (Fed) <oliver.borchert@nist.gov> wrote:
> 
> Attached is the latest version of the examples. Here we added an IPv6 BGP update to the existing example.
> 
> Again, for better reading I attached the example as text/pdf in case the formatting within the email gets
> Messed up.
> 
> Oliver
> 
> ----example----example----example----
> Topology:
> 
> AS(64496)----AS(65536)----AS(65537)
> 
> Prefix Announcements: AS(64496), 192.0.2.0/24, 2001:db8::/32
> 
> For this example, the ECDSA algorithm was provided with a static k to 
> make the result deterministic. 
> The k used for all signature operations was taken from RFC 6979, 
> chapter A.2.5 ?Signatures With SHA-256, message 'sample'?.
> 
>  k = A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60
> 
> Keys of AS64496:
> ================
> ski: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
> 
> private key:
>  x = D8AA4DFBE2478F86E88A7451BF075565709C575AC1C136D081C540254CA440B9
> 
> public key: 
>  Ux = 7391BABB92A0CB3BE10E59B19EBFFB214E04A91E0CBA1B139A7D38D90F77E55A
>  Uy = A05B8E695678E0FA16904B55D9D4F5C0DFC58895EE50BC4F75D205A25BD36FF5
> 
> Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
> --------------------------------------------------------------------
> Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number: 38655612 (0x24dd67c)
>    Signature Algorithm: ecdsa-with-SHA256
>        Issuer: CN=ROUTER-0000FBF0
>        Validity
>            Not Before: Jan  1 05:00:00 2017 GMT
>            Not After : Jul  1 05:00:00 2018 GMT
>        Subject: CN=ROUTER-0000FBF0
>        Subject Public Key Info:
>            Public Key Algorithm: id-ecPublicKey
>                Public-Key: (256 bit)
>                pub: 
>                    04:73:91:ba:bb:92:a0:cb:3b:e1:0e:59:b1:9e:bf:
>                    fb:21:4e:04:a9:1e:0c:ba:1b:13:9a:7d:38:d9:0f:
>                    77:e5:5a:a0:5b:8e:69:56:78:e0:fa:16:90:4b:55:
>                    d9:d4:f5:c0:df:c5:88:95:ee:50:bc:4f:75:d2:05:
>                    a2:5b:d3:6f:f5
>                ASN1 OID: prime256v1
>        X509v3 extensions:
>            X509v3 Key Usage: 
>                Digital Signature
>            X509v3 Subject Key Identifier: 
>                AB:4D:91:0F:55:CA:E7:1A:21:5E:F3:CA:FE:3A:CC:45:B5:EE:C1:54
>            X509v3 Extended Key Usage: 
>                1.3.6.1.5.5.7.3.30
>            sbgp-autonomousSysNum: critical
>                Autonomous System Numbers:
>                  64496
>                Routing Domain Identifiers:
>                  inherit
> 
>    Signature Algorithm: ecdsa-with-SHA256
>         30:44:02:20:07:b7:b4:6a:5f:a4:f1:cc:68:36:39:03:a4:83:
>         ec:7c:80:02:d2:f6:08:9d:46:b2:ec:2a:7b:e6:92:b3:6f:b1:
>         02:20:00:91:05:4a:a1:f5:b0:18:9d:27:24:e8:b4:22:fd:d1:
>         1c:f0:3d:b1:38:24:5d:64:29:35:28:8d:ee:0c:38:29
> -----BEGIN CERTIFICATE-----
> MIIBiDCCAS+gAwIBAgIEAk3WfDAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA9ST1VU
> RVItMDAwMEZCRjAwHhcNMTcwMTAxMDUwMDAwWhcNMTgwNzAxMDUwMDAwWjAaMRgw
> FgYDVQQDDA9ST1VURVItMDAwMEZCRjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
> AARzkbq7kqDLO+EOWbGev/shTgSpHgy6GxOafTjZD3flWqBbjmlWeOD6FpBLVdnU
> 9cDfxYiV7lC8T3XSBaJb02/1o2MwYTALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFKtN
> kQ9VyucaIV7zyv46zEW17sFUMBMGA1UdJQQMMAoGCCsGAQUFBwMeMB4GCCsGAQUF
> BwEIAQH/BA8wDaAHMAUCAwD78KECBQAwCgYIKoZIzj0EAwIDRwAwRAIgB7e0al+k
> 8cxoNjkDpIPsfIAC0vYInUay7Cp75pKzb7ECIACRBUqh9bAYnSck6LQi/dEc8D2x
> OCRdZCk1KI3uDDgp
> -----END CERTIFICATE-----
> 
> 
> 
> Keys of AS(65636):
> ==================
> ski: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
> 
> private key:
>  x = 6CB2E931B112F24554BCDCAAFD9553A9519A9AF33C023B60846A21FC95583172
> 
> public key: 
>  Ux = 28FC5FE9AFCF5F4CAB3F5F85CB212FC1E9D0E0DBEAEE425BD2F0D3175AA0E989
>  Uy = EA9B603E38F35FB329DF495641F2BA040F1C3AC6138307F257CBA6B8B588F41F
> 
> Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
> --------------------------------------------------------------------
> Certificate:
>    Data:
>        Version: 3 (0x2)
>        Serial Number: 3168189942 (0xbcd6bdf6)
>    Signature Algorithm: ecdsa-with-SHA256
>        Issuer: CN=ROUTER-0000FFFF
>        Validity
>            Not Before: Jan  1 05:00:00 2017 GMT
>            Not After : Jul  1 05:00:00 2018 GMT
>        Subject: CN=ROUTER-0000FFFF
>        Subject Public Key Info:
>            Public Key Algorithm: id-ecPublicKey
>                Public-Key: (256 bit)
>                pub: 
>                    04:28:fc:5f:e9:af:cf:5f:4c:ab:3f:5f:85:cb:21:
>                    2f:c1:e9:d0:e0:db:ea:ee:42:5b:d2:f0:d3:17:5a:
>                    a0:e9:89:ea:9b:60:3e:38:f3:5f:b3:29:df:49:56:
>                    41:f2:ba:04:0f:1c:3a:c6:13:83:07:f2:57:cb:a6:
>                    b8:b5:88:f4:1f
>                ASN1 OID: prime256v1
>        X509v3 extensions:
>            X509v3 Key Usage: 
>                Digital Signature
>            X509v3 Subject Key Identifier: 
>                47:F2:3B:F1:AB:2F:8A:9D:26:86:4E:BB:D8:DF:27:11:C7:44:06:EC
>            X509v3 Extended Key Usage: 
>                1.3.6.1.5.5.7.3.30
>            sbgp-autonomousSysNum: critical
>                Autonomous System Numbers:
>                  65535
>                Routing Domain Identifiers:
>                  inherit
> 
>    Signature Algorithm: ecdsa-with-SHA256
>         30:45:02:21:00:df:04:c5:17:04:d0:f2:b9:fa:f3:d9:6e:3f:
>         6f:a1:58:d8:fe:6c:18:e4:37:ca:19:7c:c8:75:40:57:6e:7e:
>         9d:02:20:12:45:e8:a8:58:6b:00:7b:e6:a9:0e:f2:b6:62:50:
>         4b:1c:01:6f:3b:41:11:69:88:30:73:9f:d7:02:9e:64:4f
> -----BEGIN CERTIFICATE-----
> MIIBijCCATCgAwIBAgIFALzWvfYwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPUk9V
> VEVSLTAwMDBGRkZGMB4XDTE3MDEwMTA1MDAwMFoXDTE4MDcwMTA1MDAwMFowGjEY
> MBYGA1UEAwwPUk9VVEVSLTAwMDBGRkZGMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
> QgAEKPxf6a/PX0yrP1+FyyEvwenQ4Nvq7kJb0vDTF1qg6Ynqm2A+OPNfsynfSVZB
> 8roEDxw6xhODB/JXy6a4tYj0H6NjMGEwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBRH
> 8jvxqy+KnSaGTrvY3ycRx0QG7DATBgNVHSUEDDAKBggrBgEFBQcDHjAeBggrBgEF
> BQcBCAEB/wQPMA2gBzAFAgMA//+hAgUAMAoGCCqGSM49BAMCA0gAMEUCIQDfBMUX
> BNDyufrz2W4/b6FY2P5sGOQ3yhl8yHVAV25+nQIgEkXoqFhrAHvmqQ7ytmJQSxwB
> bztBEWmIMHOf1wKeZE8=
> -----END CERTIFICATE-----
> 
> 
> 
> BGPSec IPv4 Update from AS(65536) to AS(65537):
> ===============================================
> Binary Form of BGPSec Update (TCP-DUMP):
> 
> FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF 
> 01 00 02 00 00 00 E9 40  01 01 02 80 04 04 00 00 
> 00 00 80 0E 0D 00 01 01  04 C6 33 64 64 00 18 C0 
> 00 02 90 21 00 CA 00 0E  01 00 00 01 00 00 01 00 
> 00 00 FB F0 00 BC 01 47  F2 3B F1 AB 2F 8A 9D 26 
> 86 4E BB D8 DF 27 11 C7  44 06 EC 00 46 30 44 02 
> 20 72 14 BC 96 47 16 0B  BD 39 FF 2F 80 53 3F 5D 
> C6 DD D7 0D DF 86 BB 81  56 61 E8 05 D5 D4 E6 F2 
> 7C 02 20 2D DC 00 3C 64  BE 7B 29 C9 EB DB C8 A4 
> 97 ED 66 28 5E E9 22 76  83 E6 C1 78 CE 8D E6 D3 
> 59 5F 41 AB 4D 91 0F 55  CA E7 1A 21 5E F3 CA FE 
> 3A CC 45 B5 EE C1 54 00  47 30 45 02 20 72 14 BC 
> 96 47 16 0B BD 39 FF 2F  80 53 3F 5D C6 DD D7 0D 
> DF 86 BB 81 56 61 E8 05  D5 D4 E6 F2 7C 02 21 00 
> C6 17 19 34 07 43 06 3B  8A 5C CD 54 16 39 0B 31 
> 21 1D 3C 52 48 07 95 87  D0 13 13 7B 41 CD 23 E2 
> 
> 
> Signature From AS(64496) to AS(65536):
> ---------------------------------------
> Digest:    21 33 E5 CA A0 26 BE 07   3D 9C 1B 4E FE B9 B9 77 
>           9F 20 F8 F5 DE 29 FA 98   40 00 9F 60 
> Signature: 30 45 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>           53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>           D4 E6 F2 7C 02 21 00 C6   17 19 34 07 43 06 3B 8A 
>           5C CD 54 16 39 0B 31 21   1D 3C 52 48 07 95 87 D0 
>           13 13 7B 41 CD 23 E2 
> 
> Signature From AS(65536) to AS(65537):
> --------------------------------------
> Digest:    46 4B 57 CE B1 2D 18 B0   FD 1A 1A 35 94 17 3A 4A 
>           09 88 E5 F4 ED ED 2F 3D   83 08 5A A8 
> Signature: 30 44 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>           53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>           D4 E6 F2 7C 02 20 2D DC   00 3C 64 BE 7B 29 C9 EB 
>           DB C8 A4 97 ED 66 28 5E   E9 22 76 83 E6 C1 78 CE 
>           8D E6 D3 59 5F 41 
> 
> The human readable output is produced using bgpsec-io, a bgpsec 
> traffic generator that uses a wireshark like printout.
> 
> Send Update Message
>  +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>  +--length: 256
>  +--type:   2 (UPDATE)
>  +--withdrawn_routes_length: 0
>  +--total_path_attr_length: 233
>     +--ORIGIN: INCOMPLETE (4 bytes)
>     |  +--Flags: 0x40 (Well-Known, Transitive, Complete)
>     |  +--Type Code: ORIGIN (1)
>     |  +--Length: 1 byte
>     |  +--Origin: INCOMPLETE (1)
>     +--MULTI_EXIT_DISC (7 bytes)
>     |  +--Flags: 0x80 (Optional, Complete)
>     |  +--Type Code: MULTI_EXIT_DISC (4)
>     |  +--Length: 4 bytes
>     |  +--data: 00 00 00 00 
>     +--MP_REACH_NLRI (16 bytes)
>     |  +--Flags: 0x80 (Optional, Complete)
>     |  +--Type Code: MP_REACH_NLRI (14)
>     |  +--Length: 13 bytes
>     |  +--Address family: IPv4 (1)
>     |  +--Subsequent address family identifier: Unicast (1)
>     |  +--Next hop network address: (4 bytes)
>     |  |  +--Next hop: 198.51.100.100
>     |  +--Subnetwork points of attachment: 0
>     |  +--Network layer reachability information: (4 bytes)
>     |     +--192.0.2.0/24
>     |     +--MP Reach NLRI prefix length: 24
>     |     +--MP Reach NLRI IPv4 prefix: 192.0.2.0
>     +--BGPSEC Path Attribute (206 bytes)
>        +--Flags: 0x90 (Optional, Complete, Extended Length)
>        +--Type Code: BGPSEC Path Attribute (33)
>        +--Length: 202 bytes
>        +--Secure Path (14 bytes)
>        |  +--Length: 14 bytes
>        |  +--Secure Path Segment: (6 bytes)
>        |  |  +--pCount: 1
>        |  |  +--Flags: 0
>        |  |  +--AS number: 65536 (1.0)
>        |  +--Secure Path Segment: (6 bytes)
>        |     +--pCount: 1
>        |     +--Flags: 0
>        |     +--AS number: 64496 (0.64496)
>        +--Signature Block (188 bytes)
>           +--Length: 188 bytes
>           +--Algo ID: 1
>           +--Signature Segment: (92 bytes)
>           |  +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
>           |  +--Length: 70 bytes
>           |  +--Signature: 30 44 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>           |                53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>           |                D4 E6 F2 7C 02 20 2D DC   00 3C 64 BE 7B 29 C9 EB 
>           |                DB C8 A4 97 ED 66 28 5E   E9 22 76 83 E6 C1 78 CE 
>           |                8D E6 D3 59 5F 41 
>           +--Signature Segment: (93 bytes)
>              +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
>              +--Length: 71 bytes
>              +--Signature: 30 45 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>                            53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>                            D4 E6 F2 7C 02 21 00 C6   17 19 34 07 43 06 3B 8A 
>                            5C CD 54 16 39 0B 31 21   1D 3C 52 48 07 95 87 D0 
>                            13 13 7B 41 CD 23 E2 
> 
> 
> BGPSec IPv6 Update from AS(65536) to AS(65537):
> ===============================================
> Binary Form of BGPSec Update (TCP-DUMP):
> 
> FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF
> 01 0C 02 00 00 00 F5 40  01 01 02 80 04 04 00 00
> 00 00 80 0E 1A 00 02 01  10 20 01 00 10 00 00 00
> 00 00 00 00 00 C6 33 64  64 00 20 20 01 0D B8 90
> 21 00 C9 00 0E 01 00 00  01 00 00 01 00 00 00 FB
> F0 00 BB 01 47 F2 3B F1  AB 2F 8A 9D 26 86 4E BB
> D8 DF 27 11 C7 44 06 EC  00 46 30 44 02 20 72 14
> BC 96 47 16 0B BD 39 FF  2F 80 53 3F 5D C6 DD D7
> 0D DF 86 BB 81 56 61 E8  05 D5 D4 E6 F2 7C 02 20
> 0A 9A E7 5F 56 CE 42 9C  D2 D2 20 38 6B 8D 24 73
> E9 5C 8A 50 E5 58 DB 92  B7 88 3D 09 E8 42 4E E7
> AB 4D 91 0F 55 CA E7 1A  21 5E F3 CA FE 3A CC 45
> B5 EE C1 54 00 46 30 44  02 20 72 14 BC 96 47 16
> 0B BD 39 FF 2F 80 53 3F  5D C6 DD D7 0D DF 86 BB
> 81 56 61 E8 05 D5 D4 E6  F2 7C 02 20 6E 26 52 40
> CF CA 0E F6 5C 8E A1 AF  6B 65 2A 19 13 D2 FC BD
> B5 8E E9 53 60 9F 85 F0  D2 69 99 DF  
> 
> 
> Signature From AS(64496) to AS(65536):
> ---------------------------------------
> Digest:    8A 0C D3 E9 8E 55 10 45   82 1D 80 46 01 D6 55 FC 
>           52 11 89 DF 4D B0 28 7D   84 AC FC 77 
> Signature: 30 44 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>           53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>           D4 E6 F2 7C 02 20 6E 26   52 40 CF CA 0E F6 5C 8E 
>           A1 AF 6B 65 2A 19 13 D2   FC BD B5 8E E9 53 60 9F 
>           85 F0 D2 69 99 DF 
> 
> Signature From AS(65536) to AS(65537):
> --------------------------------------
> Digest:    BA BF F7 95 BF 3C BE 81   79 1F A9 90 06 FC 30 1B 
>           0D BC D5 49 39 5A 0A 71   C2 D5 B2 FA 
> Signature: 30 44 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>           53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>           D4 E6 F2 7C 02 20 0A 9A   E7 5F 56 CE 42 9C D2 D2 
>           20 38 6B 8D 24 73 E9 5C   8A 50 E5 58 DB 92 B7 88 
>           3D 09 E8 42 4E E7 
> 
> 
> The human readable output is produced using bgpsec-io, a bgpsec 
> traffic generator that uses a wireshark like printout.
> 
> Send Update Message
>  +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>  +--length: 268
>  +--type:   2 (UPDATE)
>  +--withdrawn_routes_length: 0
>  +--total_path_attr_length: 245
>     +--ORIGIN: INCOMPLETE (4 bytes)
>     |  +--Flags: 0x40 (Well-Known, Transitive, Complete)
>     |  +--Type Code: ORIGIN (1)
>     |  +--Length: 1 byte
>     |  +--Origin: INCOMPLETE (1)
>     +--MULTI_EXIT_DISC (7 bytes)
>     |  +--Flags: 0x80 (Optional, Complete)
>     |  +--Type Code: MULTI_EXIT_DISC (4)
>     |  +--Length: 4 bytes
>     |  +--data: 00 00 00 00 
>     +--MP_REACH_NLRI (29 bytes)
>     |  +--Flags: 0x80 (Optional, Complete)
>     |  +--Type Code: MP_REACH_NLRI (14)
>     |  +--Length: 26 bytes
>     |  +--Address family: IPv6 (2)
>     |  +--Subsequent address family identifier: Unicast (1)
>     |  +--Next hop network address: (16 bytes)
>     |  |  +--Next hop: 2001:0010:0000:0000:0000:0000:c633:6464
>     |  +--Subnetwork points of attachment: 0
>     |  +--Network layer reachability information: (5 bytes)
>     |     +--2001:db8::/32
>     |     +--MP Reach NLRI prefix length: 32
>     |     +--MP Reach NLRI IPv6 prefix: 2001:db8::
>     +--BGPSEC Path Attribute (205 bytes)
>        +--Flags: 0x90 (Optional, Complete, Extended Length)
>        +--Type Code: BGPSEC Path Attribute (33)
>        +--Length: 201 bytes
>        +--Secure Path (14 bytes)
>        |  +--Length: 14 bytes
>        |  +--Secure Path Segment: (6 bytes)
>        |  |  +--pCount: 1
>        |  |  +--Flags: 0
>        |  |  +--AS number: 65536 (1.0)
>        |  +--Secure Path Segment: (6 bytes)
>        |     +--pCount: 1
>        |     +--Flags: 0
>        |     +--AS number: 64496 (0.64496)
>        +--Signature Block (187 bytes)
>           +--Length: 187 bytes
>           +--Algo ID: 1
>           +--Signature Segment: (92 bytes)
>           |  +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
>           |  +--Length: 70 bytes
>           |  +--Signature: 30 44 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>           |                53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>           |                D4 E6 F2 7C 02 20 0A 9A   E7 5F 56 CE 42 9C D2 D2 
>           |                20 38 6B 8D 24 73 E9 5C   8A 50 E5 58 DB 92 B7 88 
>           |                3D 09 E8 42 4E E7 
>           +--Signature Segment: (92 bytes)
>              +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
>              +--Length: 70 bytes
>              +--Signature: 30 44 02 20 72 14 BC 96   47 16 0B BD 39 FF 2F 80 
>                            53 3F 5D C6 DD D7 0D DF   86 BB 81 56 61 E8 05 D5 
>                            D4 E6 F2 7C 02 20 6E 26   52 40 CF CA 0E F6 5C 8E 
>                            A1 AF 6B 65 2A 19 13 D2   FC BD B5 8E E9 53 60 9F 
>                            85 F0 D2 69 99 DF 
> 
> ----example----example----example----
> 
> -------------------------------------------------------------
> Oliver Borchert, Computer Scientist
> National Institute of Standards and Technology
> (Phone) 301.975.4856 , (Fax) 301.975.6238
> 
> 
> 
> 
> <draft-ietf-sidr-bgpsec-algs-examples-v4.txt><draft-ietf-sidr-bgpsec-algs-examples-v4.pdf>_______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr