Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
t.petch <ietfc@btconnect.com> Fri, 13 April 2012 18:35 UTC
From: "t.petch" <ietfc@btconnect.com>
To: Sean Turner <turners@ieca.com>
Date: Fri, 13 Apr 2012 19:32:48 +0200
Cc: sidr-chairs@ietf.org, sidr@ietf.org
Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
----- Original Message -----
From: "Sean Turner" <turners@ieca.com>
To: "t.petch" <ietfc@btconnect.com>
Cc: "Christopher Morrow" <morrowc.lists@gmail.com>; <sidr@ietf.org>; <sidr-chairs@ietf.org>
Sent: Friday, April 13, 2012 2:19 PM

> Tom,
>
> Responses inline.
>

Sean

yes, that looks fine

Tom

> spt
>
> On 4/13/12 6:33 AM, t.petch wrote:
> > ----- Original Message -----
> > From: "Christopher Morrow"<morrowc.lists@gmail.com>
> > To:<sidr@ietf.org>;<sidr-chairs@ietf.org>; "Sean Turner"<turners@ieca.com>;
> > "t.petch"<ietfc@btconnect.com>
> > Sent: Wednesday, March 28, 2012 2:33 PM
> > Subject: Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
> >
> >
> > Sean/Tom,
> > Tom had some comments on the previous (I believe) version of this
> > draft, are they addressed to your satisfaction Tom?
> >
> > <tp>
> > Not really; it still says
> >
> > " o BGPSEC Router Certificates MUST include the BGPSEC EKU defined in
> > Section 3.9.5."
> > but the I-D has no section 3.9.5 so it is unclear what is meant.
>
> So this has been there for a while :( It should be pointing to the EKU
> defined in s3.1.3.1. It's just an OID you stick in the EKU extension.
>
> > And I [still] find it hard to parse
> > ' The validation procedure used for BGPSEC Router Certificates is
> > identical to the validation procedure described in Section 7 of
> > [RFC6487] except that where "this specification" refers to [RFC6487]
> > in that profile in this profile "this specification" is this
> > document.'
> > {a bit like those brain teasers where a single sentence has 13 consecutive
> > 'and's but lacks punctuation}
>
> I'm trying to avoid copying all the text from 6487 over in to this
> draft. I would just point there, but I can see somebody doing something
> silly like not understanding that the restrictions on the validation
> procedure are in bgpsec-pki-profiles draft. So how about this:
>
>    The validation procedure used for BGPSEC Router Certificates is
>    identical to the validation procedure described in Section 7 of
>    [RFC6487]. The exception is that the constraints applied come
>    from this specification (e.g., in step 3: the certificate
>    contains all the fields that must be present - refers to the
>    fields that are required by this specification).
>
> > Tom Petch
> > </tp>
> >
> >
> > Sean, if Tom's ok with the changes, should we move this along?
> >
> > -Chris
> > <cochair>
> >
> > On Mon, Dec 5, 2011 at 1:20 PM,<internet-drafts@ietf.org> wrote:
> >>
> >> A New Internet-Draft is available from the on-line Internet-Drafts
> >> directories. This draft is a work item of the Secure Inter-Domain Routing
> >> Working Group of the IETF.
> >>
> >> Title     : A Profile for BGPSEC Router Certificates, Certificate Revocation
> >>             Lists, and Certification Requests
> >> Author(s) : Mark Reynolds
> >>             Sean Turner
> >>             Steve Kent
> >> Filename  : draft-ietf-sidr-bgpsec-pki-profiles-01.txt
> >> Pages     : 11
> >> Date      : 2011-12-05
> >>
> >> This document defines a standard profile for X.509 certificates for
> >> the purposes of supporting validation of Autonomous System (AS) paths
> >> in the Border Gateway Protocol (BGP), as part of an extension to that
> >> protocol known as BGPSEC. BGP is a critical component for the proper
> >> operation of the Internet as a whole. The BGPSEC protocol is under
> >> development as a component to address the requirement to provide
> >> security for the BGP protocol. The goal of BGPSEC is to design a
> >> protocol for full AS path validation based on the use of strong
> >> cryptographic primitives. The end-entity (EE) certificates specified
> >> by this profile are issued under Resource Public Key Infrastructure
> >> (RPKI) Certification Authority (CA) certificates, containing the AS
> >> Identifier Delegation extension, to routers within the Autonomous
> >> System (AS). The certificate asserts that the router(s) holding the
> >> private key are authorized to send out secure route advertisements on
> >> behalf of the specified AS. This document also profiles the
> >> Certificate Revocation List (CRL), profiles the format of
> >> certification requests, and specifies Relying Party certificate path
> >> validation procedures. The document extends the RPKI; therefore,
> >> this document updates the RPKI Resource Certificates Profile
> >> (draft-ietf-sidr-res-cert-profile).
> >>
> >>
> >> A URL for this Internet-Draft is:
> >> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-01.txt
> >>
> >> Internet-Drafts are also available by anonymous FTP at:
> >> ftp://ftp.ietf.org/internet-drafts/
> >>
> >> This Internet-Draft can be retrieved at:
> >> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-01.txt
> >>
> >> _______________________________________________
> >> sidr mailing list
> >> sidr@ietf.org
> >> https://www.ietf.org/mailman/listinfo/sidr