Re: [Sidr] V3 draft of SIDR Charter
Geoff Huston <gih@apnic.net> Tue, 29 November 2005 04:57 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EgxYo-0006rL-Gu; Mon, 28 Nov 2005 23:57:46 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EgxYl-0006r7-Ba for sidr@megatron.ietf.org; Mon, 28 Nov 2005 23:57:44 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA10175 for <sidr@ietf.org>; Mon, 28 Nov 2005 23:56:57 -0500 (EST)
Received: from kahuna.telstra.net ([203.50.0.6]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Egxsj-0003F8-Eo for sidr@ietf.org; Tue, 29 Nov 2005 00:18:24 -0500
Received: from gihm3.apnic.net (rsdhcp5.telstra.net [203.50.0.197]) by kahuna.telstra.net (8.12.3/8.11.3) with ESMTP id jAT4v7Xt018711; Tue, 29 Nov 2005 15:57:08 +1100 (EST) (envelope-from gih@apnic.net)
Message-Id: <6.2.0.14.2.20051129155139.02adab00@kahuna.telstra.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Tue, 29 Nov 2005 15:56:50 +1100
To: "william(at)elan.net" <william@elan.net>
From: Geoff Huston <gih@apnic.net>
Subject: Re: [Sidr] V3 draft of SIDR Charter
In-Reply-To: <Pine.LNX.4.62.0511281541570.14705@sokol.elan.net>
References: <Pine.LNX.4.64.0511101743550.23850@netcore.fi> <6.2.0.14.2.20051112025129.02b3bdf8@localhost> <6.2.0.14.2.20051112031331.044471f8@localhost> <6.2.0.14.2.20051126074145.0301c218@kahuna.telstra.net> <F76529DC4E8579FB25AE6E9F@svartdal.hjemme.alvestrand.no> <6.2.0.14.2.20051128070004.02b0b268@kahuna.telstra.net> <2F57CBABD34601081A75DAFB@svartdal.hjemme.alvestrand.no> <6.2.0.14.2.20051128074620.02b03a48@kahuna.telstra.net> <6.2.0.14.2.20051128191945.02b75cb8@kahuna.telstra.net> <Pine.LNX.4.62.0511280024260.14705@sokol.elan.net> <6.2.0.14.2.20051128203425.02acf120@kahuna.telstra.net> <Pine.LNX.4.62.0511280138270.14705@sokol.elan.net> <6.2.0.14.2.20051129103756.02884288@kahuna.telstra.net> <Pine.LNX.4.62.0511281541570.14705@sokol.elan.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
Cc: sidr@ietf.org
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
Sender: sidr-bounces@ietf.org
Errors-To: sidr-bounces@ietf.org
At 10:57 AM 29/11/2005, william(at)elan.net wrote: >On Tue, 29 Nov 2005, Geoff Huston wrote: > >>At 11:08 PM 28/11/2005, william(at)elan.net wrote: >>>That is pretty much it. I do not see it clearly spelled out in the >>>charter that we would work on specifying access to (or at least linking >>>rules for specifying PKI repository) PKI repositories and format of the >>>data that is to be retrieved. There are actually quite a number of ways >>>to run a repository or certificate verification service that have been >>>developed (plus add related issues and formats for publication of CRL >>>data as well), these are just a few these: >>> SCVP (draft-ietf-pkix-scvp-21.txt) >>> DVCS (RFC3029) >>> OSCP (RFC2560) >>> PKIXREP locator (draft-ietf-pkix-pkixrep-04.txt) >>> HTTP Certificate Store (draft-ietf-pkix-certstore-http-09.txt) >>> LDAP Certificate server >>> PGP (HTTP based) key & certificate server >>> etc. >>>And it may well be that none of the above will work because one of the key >>>issues is that BGP (like DNS) is a base protocol so one can not fully >>>rely on some "higher" application protocol as part of BGP route establishment >>>(see also SBGP & soBGP and compare how they propose to store cert data). >>>I think info on considerations and issues involved in setting up and >>>running repositories that would be used for BGP security should be >>>considered and documented as well at least in some way. >>>Also the format for certificates and any necessary extensions are all in >>>scope (i.e. if we decide we need extension of RFC3779) and this >>>I also see as publication-related issue. >> >>I am unsure how nmuch of this belongs in a SIDR charter and how much >>belongs in a security area as a work item and how much is beyond the scope of > >As I said before I view SIDR work as something that is more security >centric then routing but like others I personally dont care that much >if its officially under security or under routing area. But in general >IETF usually has security area WGs work on security additions to other >protocols (when its whole WG rather then one document in WG that is >mostly working on something else). > >>standards-related activities. For a charter I'm personally more >>comfortable with the more general phrase of > >>" Document the use of certification objects within this secure routing >>architecture" >> >>and not specifying the form of repository nor the form of repository >>access as charter work items at this point in time. > >Strongly disagree. You can not attempt global deployment unless you deal >with repository access issues. This is an effort at creating a set of techology standards, not a specific deployment specification for a particular networked environment. Given the diversity of potential deployment scenarios across various forms of Internet environments I think that some division of the activity is entirely appropriate and necessary, and the generation of deployment profiles may well be an outcome of such a division of effort - but from the point of view of specification of technology standards and the charter for such an activity, I believe it to be appropriate to will pass on this draft charter to the ADs with the wording as proposed above. Geoff _______________________________________________ Sidr mailing list Sidr@ietf.org https://www1.ietf.org/mailman/listinfo/sidr
- [Sidr] a reminder on operator requirements Pekka Savola
- Re: [Sidr] a reminder on operator requirements Geoff Huston
- Re: [Sidr] a reminder on operator requirements Geoff Huston
- [Sidr] initial draft of SIDR Charter Geoff Huston
- Re: [Sidr] initial draft of SIDR Charter william(at)elan.net
- Re: [Sidr] initial draft of SIDR Charter Geoff Huston
- Re: [Sidr] initial draft of SIDR Charter Harald Tveit Alvestrand
- [Sidr] V2 draft of SIDR Charter Geoff Huston
- Re: [Sidr] initial draft of SIDR Charter Geoff Huston
- Re: [Sidr] initial draft of SIDR Charter Harald Tveit Alvestrand
- Re: [Sidr] initial draft of SIDR Charter Geoff Huston
- [Sidr] V3 draft of SIDR Charter Geoff Huston
- Re: [Sidr] V3 draft of SIDR Charter william(at)elan.net
- Re: [Sidr] V3 draft of SIDR Charter Geoff Huston
- Re: [Sidr] V3 draft of SIDR Charter william(at)elan.net
- Re: [Sidr] V3 draft of SIDR Charter Geoff Huston
- Re: [Sidr] V3 draft of SIDR Charter william(at)elan.net
- Re: [Sidr] V3 draft of SIDR Charter Geoff Huston
- Re: [Sidr] V3 draft of SIDR Charter Henk Uijterwaal
- Re: [Sidr] V3 draft of SIDR Charter william(at)elan.net
- Re: [Sidr] V3 draft of SIDR Charter Geoff Huston
- Re: [Sidr] V3 draft of SIDR Charter Stephen Kent