Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

Christopher Morrow <morrowc.lists@gmail.com> Sat, 05 May 2012 01:54 UTC

In-Reply-To: <CE0C4A314044C843AEE900875D90D54E10847F@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
References: <4FA48240.9060405@ops-netman.net> <CE0C4A314044C843AEE900875D90D54E10847F@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
Date: Fri, 04 May 2012 21:54:05 -0400
Message-ID: <CAL9jLaZMkT-F5x5LAsjDhXsNnbG9akLhEotwT-eC=-6yX0J0kw@mail.gmail.com>
From: Christopher Morrow <morrowc.lists@gmail.com>
To: "Osterweil, Eric" <eosterweil@verisign.com>
Cc: "sidr-chairs@tools.ietf.org" <sidr-chairs@tools.ietf.org>, "Sandra.Murphy@sparta.com" <Sandra.Murphy@sparta.com>, "sidr-ads@tools.ietf.org" <sidr-ads@tools.ietf.org>, "morrowc@ops-netman.net" <morrowc@ops-netman.net>, "sidr@ietf.org" <sidr@ietf.org>

On Fri, May 4, 2012 at 9:37 PM, Osterweil, Eric <eosterweil@verisign.com> wrote:
> Hey Chris,
>
> Yeah, I read that. I know there's a tendency for some people to want to talk about bath houses on this list, but I was going to pass on that.
>
> As for draft-ymbk-bgpsec-rtr-rekeying-00.txt, that draft just points out the inadequacies of either approach and that there is no good solution. My take is that this is indicative of a misalignment between a given architecture and implicit requirements. Sometimes you can't patch the holes in a leaky ship, you need to reassess the requirements. I think the evidence illustrates that this is the case here.
>

it seems to me that putting key-material on a distant router is done
today... isn't it? or are you saying that how you do it today leaves
you feeling icky, and you'd rather another method be devised?

Could you outline a possible method? (provide a solution, for instance)

> Eric
>
>
> ----- Original Message -----
> From: Chris Morrow [mailto:morrowc@ops-netman.net]
> Sent: Friday, May 04, 2012 09:28 PM
> To: Osterweil, Eric
> Cc: 'Sandra.Murphy@sparta.com' <Sandra.Murphy@sparta.com>; 'danny@tcb.net' <danny@tcb.net>; 'morrowc.lists@gmail.com' <morrowc.lists@gmail.com>; 'sidr@ietf.org' <sidr@ietf.org>; 'sidr-chairs@tools.ietf.org' <sidr-chairs@tools.ietf.org>; 'sidr-ads@tools.ietf.org' <sidr-ads@tools.ietf.org>
> Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))
>
>
>
> On 05/04/2012 08:59 PM, Osterweil, Eric wrote:
>
>> His point is NOT addressed by any draft in the wg (since you asked).
>
> read randy's mentioned draft?