Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles

Chris Morrow <morrowc@ops-netman.net> Thu, 03 May 2012 14:14 UTC


On 05/03/2012 03:57 AM, t.petch wrote:
> A question arising from my ignorance.
> 
> How do values in the security arc get assigned?  Not IANA since there are no
> IANA considerations, but how then?

good question... the below are asn.1 things, quickly searching around
isn't helping me out much either :(

Russ, any idea how this happens in practice? 'lick finger, test wind,
guess number' seems like the wrong method...

> 
> On the IANA profiles web page I can see
> (1.3.6.1.5.5.4)
> and
> (1.3.6.1.5.5.8)
> but no 1.3.6.1.5.5.7, just a reference to Russ.
> 
> 
> Tom Petch
> 
> ----- Original Message -----
> From: "Christopher Morrow" <morrowc.lists@gmail.com>
> To: <sidr@ietf.org>; <sidr-chairs@ietf.org>
> Sent: Friday, April 13, 2012 10:16 PM
> 
> Hello WG peoples,
> The following update posted today. Sean and Tom have come to agreement
> on their differences, I believe this closes the last open items on
> this document.
> 
> Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012
> 
> Thanks!
> -Chris
> <co-chair>
> 
> On Fri, Apr 13, 2012 at 3:03 PM,  <internet-drafts@ietf.org> wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories. This draft is a work item of the Secure Inter-Domain Routing
>> Working Group of the IETF.
>>
>> Title : A Profile for BGPSEC Router Certificates, Certificate Revocation
>> Lists, and Certification Requests
>> Author(s) : Mark Reynolds
>> Sean Turner
>> Steve Kent
>> Filename : draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>> Pages : 11
>> Date : 2012-04-13
>>
>> This document defines a standard profile for X.509 certificates for
>> the purposes of supporting validation of Autonomous System (AS) paths
>> in the Border Gateway Protocol (BGP), as part of an extension to that
>> protocol known as BGPSEC. BGP is a critical component for the proper
>> operation of the Internet as a whole. The BGPSEC protocol is under
>> development as a component to address the requirement to provide
>> security for the BGP protocol. The goal of BGPSEC is to design a
>> protocol for full AS path validation based on the use of strong
>> cryptographic primitives. The end-entity (EE) certificates specified
>> by this profile are issued under Resource Public Key Infrastructure
>> (RPKI) Certification Authority (CA) certificates, containing the AS
>> Identifier Delegation extension, to routers within the Autonomous
>> System (AS). The certificate asserts that the router(s) holding the
>> private key are authorized to send out secure route advertisements on
>> behalf of the specified AS. This document also profiles the
>> Certificate Revocation List (CRL), profiles the format of
>> certification requests, and specifies Relying Party certificate path
>> validation procedures. The document extends the RPKI; therefore,
>> this document updates the RPKI Resource Certificates Profile (RFC
>> 6487).
>>
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> This Internet-Draft can be retrieved at:
>> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
>>
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr