Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
Sean Turner <turners@ieca.com> Fri, 13 April 2012 18:49 UTC
Date: Fri, 13 Apr 2012 14:49:35 -0400
From: Sean Turner <turners@ieca.com>
To: "t.petch" <ietfc@btconnect.com>
Cc: sidr-chairs@ietf.org, sidr@ietf.org
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt

Tom,

Okay posting new version shortly.

spt

On 4/13/12 1:32 PM, t.petch wrote:
> ----- Original Message -----
> From: "Sean Turner"<turners@ieca.com>
> To: "t.petch"<ietfc@btconnect.com>
> Cc: "Christopher Morrow"<morrowc.lists@gmail.com>;<sidr@ietf.org>;
> <sidr-chairs@ietf.org>
> Sent: Friday, April 13, 2012 2:19 PM
>
>> Tom,
>>
>> Responses inline.
>>
>
> Sean
>
> yes, that looks fine
>
> Tom
>
>> spt
>>
>> On 4/13/12 6:33 AM, t.petch wrote:
>>> ----- Original Message -----
>>> From: "Christopher Morrow"<morrowc.lists@gmail.com>
>>> To:<sidr@ietf.org>;<sidr-chairs@ietf.org>; "Sean Turner"<turners@ieca.com>;
>>> "t.petch"<ietfc@btconnect.com>
>>> Sent: Wednesday, March 28, 2012 2:33 PM
>>> Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
>>>
>>>
>>> Sean/Tom,
>>> Tom had some comments on the previous (I believe) version of this
>>> draft, are they addressed to your satisfaction Tom?
>>>
>>> <tp>
>>> Not really; it still says
>>>
>>> " o BGPSEC Router Certificates MUST include the BGPSEC EKU defined in
>>> Section 3.9.5."
>>> but the I-D has no section 3.9.5 so it is unclear what is meant.
>>
>> So this has been there for a while :( It should be pointing to the EKU
>> defined in s3.1.3.1. It's just an OID you stick in the EKU extension.
>>
>>> And I [still] find it hard to parse
>>> ' The validation procedure used for BGPSEC Router Certificates is
>>> identical to the validation procedure described in Section 7 of
>>> [RFC6487] except that where "this specification" refers to [RFC6487]
>>> in that profile in this profile "this specification" is this
>>> document.'
>>> {a bit like those brain teasers where a single sentence has 13 consecutive
>>> 'and's but lacks punctuation}
>>
>> I'm trying to avoid copying all the text from 6487 over into this
>> draft. I would just point there, but I can see somebody doing something
>> silly like not understanding that the restrictions on the validation
>> procedure are in bgpsec-pki-profiles draft. So how about this:
>>
>> The validation procedure used for BGPSEC Router Certificates is
>> identical to the validation procedure described in Section 7 of
>> [RFC6487]. The exception is that the constraints applied come
>> from this specification (e.g., in step 3: the certificate
>> contains all the fields that must be present - refers to the
>> fields that are required by this specification).
>>
>>> Tom Petch
>>> </tp>
>>>
>>>
>>> Sean, if Tom's ok with the changes, should we move this along?
>>>
>>> -Chris
>>> <cochair>
>>>
>>> On Mon, Dec 5, 2011 at 1:20 PM,<internet-drafts@ietf.org> wrote:
>>>>
>>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>>> directories. This draft is a work item of the Secure Inter-Domain Routing
>>>> Working Group of the IETF.
>>>>
>>>> Title : A Profile for BGPSEC Router Certificates, Certificate Revocation
>>>> Lists, and Certification Requests
>>>> Author(s) : Mark Reynolds
>>>> Sean Turner
>>>> Steve Kent
>>>> Filename : draft-ietf-sidr-bgpsec-pki-profiles-01.txt
>>>> Pages : 11
>>>> Date : 2011-12-05
>>>>
>>>> This document defines a standard profile for X.509 certificates for
>>>> the purposes of supporting validation of Autonomous System (AS) paths
>>>> in the Border Gateway Protocol (BGP), as part of an extension to that
>>>> protocol known as BGPSEC. BGP is a critical component for the proper
>>>> operation of the Internet as a whole. The BGPSEC protocol is under
>>>> development as a component to address the requirement to provide
>>>> security for the BGP protocol. The goal of BGPSEC is to design a
>>>> protocol for full AS path validation based on the use of strong
>>>> cryptographic primitives. The end-entity (EE) certificates specified
>>>> by this profile are issued under Resource Public Key Infrastructure
>>>> (RPKI) Certification Authority (CA) certificates, containing the AS
>>>> Identifier Delegation extension, to routers within the Autonomous
>>>> System (AS). The certificate asserts that the router(s) holding the
>>>> private key are authorized to send out secure route advertisements on
>>>> behalf of the specified AS. This document also profiles the
>>>> Certificate Revocation List (CRL), profiles the format of
>>>> certification requests, and specifies Relying Party certificate path
>>>> validation procedures. The document extends the RPKI; therefore,
>>>> this document updates the RPKI Resource Certificates Profile
>>>> (draft-ietf-sidr-res-cert-profile).
>>>>
>>>>
>>>> A URL for this Internet-Draft is:
>>>>
>>>> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-01.txt
>>>>
>>>> Internet-Drafts are also available by anonymous FTP at:
>>>> ftp://ftp.ietf.org/internet-drafts/
>>>>
>>>> This Internet-Draft can be retrieved at:
>>>>
>>>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-01.txt
>>>>
>>>> _______________________________________________
>>>> sidr mailing list
>>>> sidr@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/sidr