Re: [sidr] is a longer announce invalid or not found?

Randy Bush <randy@psg.com> Fri, 30 September 2011 20:46 UTC

Date: Sat, 01 Oct 2011 05:49:31 +0900
Message-ID: <m2ipo9sqlg.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Jakob Heitz <jakob.heitz@ericsson.com>
In-Reply-To: <m2mxdlsqzu.wl%randy@psg.com>
References: <m2d3eilpnq.wl%randy@psg.com> <20110930101754.GB10004@juniper.net> <m2ehyytj2l.wl%randy@psg.com> <20110930122831.GA10176@juniper.net> <m2bou2t7x5.wl%randy@psg.com> <3B65FD95-2E66-4D1F-B630-976ECE99050A@ericsson.com> <m2sjndsrs5.wl%randy@psg.com> <7309FCBCAE981B43ABBE69B31C8D213914A3308B30@EUSAACMS0701.eamcs.ericsson.se> <m2mxdlsqzu.wl%randy@psg.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Cc: "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] is a longer announce invalid or not found?

> a (let's assume dual homed) leaf site does not have to do much for
> bgpsec.  their upstreams validate, so they do not have to.  all they
> have to do is sign their announcement.  we refer to this as a
> 'simplex' site, they announce signed but do not accept signed data, do
> not hold any key or cert other than their own, ...  cool result is
> that current leaf site hardware could do this, no upgrade.  so, for my
> simplex lazy customer, yes i gen the bgpsec router key for them, and
> they or i stuff it in their router.

< side discussion >

cool hack 14.3: the router itself can gen the public/private key pair a
la ssh, the person configuring can extract the public key and send it to
the rpki goddesses to be signed by the appropriate cert and put in the
rpki.  the private key never leaves the router!

randy
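The key-handling flow in the "cool hack" above, as an added example that is not part of the message or of any BGPsec implementation: the router generates its own key pair, hands out only a PKCS#10 request carrying the public half, the CA checks proof of possession before issuing the router certificate, and an upstream verifies a signed announcement using the public key from that certificate. The `Router` and `RpkiCa` classes, the CA name, the choice of ECDSA P-256 with SHA-256 (what BGPsec later standardised, not something the message states) and the sample announcement bytes are all assumptions made for this illustration; the code uses the `cryptography` library.

```python
"""Router-generated BGPsec key; the CA signs only the public half (added example)."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

SIG_ALG = ec.ECDSA(hashes.SHA256())  # assumed: ECDSA P-256 / SHA-256


class Router:
    """Models the 'simplex' leaf router: it holds the only copy of its private key."""

    def __init__(self, name: str):
        self._name = name
        # Generated on the box, like an SSH host key. Never serialised anywhere.
        self.__key = ec.generate_private_key(ec.SECP256R1())

    def csr_pem(self) -> bytes:
        """What the operator extracts and sends to the RPKI CA: a PKCS#10 request
        that carries the public key and is signed by the private key (proof of possession)."""
        csr = (
            x509.CertificateSigningRequestBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, self._name)]))
            .sign(self.__key, hashes.SHA256())
        )
        return csr.public_bytes(serialization.Encoding.PEM)

    def public_key_der(self) -> bytes:
        return self.__key.public_key().public_bytes(
            serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)

    def sign_update(self, update: bytes) -> bytes:
        """Sign an announcement; the private key is used here but never exported."""
        return self.__key.sign(update, SIG_ALG)


class RpkiCa:
    """Assumed toy CA standing in for the RPKI CA that signs router certificates."""

    def __init__(self):
        self._key = ec.generate_private_key(ec.SECP256R1())
        self._name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example RPKI CA")])

    def public_key(self):
        return self._key.public_key()

    def issue_router_cert(self, csr_pem: bytes) -> x509.Certificate:
        csr = x509.load_pem_x509_csr(csr_pem)
        # Proof of possession: refuse a request whose signature does not verify
        # under the public key it carries, so nobody gets a cert for a key they do not hold.
        if not csr.is_signature_valid:
            raise ValueError("CSR signature invalid: no proof of possession")
        now = datetime.datetime.now(datetime.timezone.utc)
        return (
            x509.CertificateBuilder()
            .subject_name(csr.subject)
            .issuer_name(self._name)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            .sign(self._key, hashes.SHA256())
        )


def verify_update(cert: x509.Certificate, update: bytes, sig: bytes) -> bool:
    """What an upstream does: check the signature with the public key from the RPKI cert."""
    try:
        cert.public_key().verify(sig, update, SIG_ALG)
        return True
    except InvalidSignature:
        return False


def cert_signed_by(cert: x509.Certificate, ca_public_key) -> bool:
    try:
        ca_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                             ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def demo() -> dict:
    router = Router("leaf-router-1")
    ca = RpkiCa()
    csr = router.csr_pem()
    cert = ca.issue_router_cert(csr)
    update = b"constructed sample: AS64496 announces 192.0.2.0/24"  # constructed input
    sig = router.sign_update(update)
    spki = cert.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
    return {
        "private_key_in_csr": b"PRIVATE" in csr,
        "cert_matches_router": spki == router.public_key_der(),
        "cert_signed_by_ca": cert_signed_by(cert, ca.public_key()),
        "valid_update_verifies": verify_update(cert, update, sig),
        "tampered_update_verifies": verify_update(cert, update + b"!", sig),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that the only artefact crossing the trust boundary is the CSR: it contains the public key and a signature made with the private key, which lets the CA verify possession without ever seeing the key itself.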