Re: [sidr] Fwd: New Version Notification for draft-ietf-sidr-algorithm-agility-03.txt

Stephen Kent <> Wed, 03 August 2011 19:35 UTC

Date: Wed, 03 Aug 2011 15:35:56 -0400
From: Stephen Kent <>
Subject: Re: [sidr] Fwd: New Version Notification for draft-ietf-sidr-algorithm-agility-03.txt

At 11:31 AM +0200 8/2/11, Roque Gagliano wrote:
>Dear WG,
>I uploaded a new version of the draft preparing it for WGLC.
>The only change is a requirement from the BGPSEC team to include a 
>paragraph in section 4.2 that clarifies that "mixed" certs are not 
>allowed only for CA certs but may be possible for EE certs that do 
>not validate repository objects (i.e. BGPSEC certs).

As the individual responsible for the changed text, let me explain the
history for these changes.

Geoff Huston sent one or more messages to Sean Turner asking some questions
about Sean's BGPSEC router cert I-D. Sean passed on one of these questions
to me. The question asked whether using an ECDSA key in a router cert (as
Sean's draft proposes) would require invoking the alg transition doc on which
Roque, Sean, and I are co-authors.

I thought about the question and decided to revise the text that we had
written. Specifically, I felt that use of a different alg suite in an EE cert
that was NOT used to verify a sig on a repository object need not invoke the
alg transition spec. The reasons for this are detailed in a message I sent
earlier today.

So, when Roque refers to the "BGPSEC team" above, I think he is referring to
Sean, and me, as his co-authors on this doc, plus Geoff, the WG member who
raised a question that motivated the changed text.