Re: [sidr] WGLC: draft-ietf-sidr-rtr-keying - finishes - 10/16/2017 - Oct 16, 2017

Sean Turner <sean@sn3rd.com> Thu, 05 October 2017 18:37 UTC

From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <470CB4A7-8639-4889-AF51-C0B8B4CCA4C9@ripe.net>
Date: Thu, 5 Oct 2017 11:36:53 -0700
Cc: Christopher Morrow <christopher.morrow@gmail.com>, sidr-ads@ietf.org, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, "sidr@ietf.org" <sidr@ietf.org>
Message-Id: <3EECD8A0-03BE-42D8-9C93-7420EE205EEF@sn3rd.com>
References: <CAL9jLaYXK4vLGtNgqs_ofPmEBez=AmrgD+dPwUhG-=A_NHokTg@mail.gmail.com> <470CB4A7-8639-4889-AF51-C0B8B4CCA4C9@ripe.net>
To: Tim Bruijnzeels <tim@ripe.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/z0SylIMTz909lA19aNum_fTZ7JQ>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-rtr-keying - finishes - 10/16/2017 - Oct 16, 2017

Always happy to see the “ship it” response to a WGLC :)

Note that we weren’t restrictive on purpose. There’s a whole bunch of ways the CSR could get delivered based on where it was made and it would be silly for us to have said you must do it this way.

spt

> On Oct 5, 2017, at 05:27, Tim Bruijnzeels <tim@ripe.net> wrote:
> 
> Hi,
> 
> This looks reasonable to me, but I can’t speak really to the router implementation - being neither a network operator nor a router vendor. As a CA operator I note that the draft is not restrictive about exactly how the RPKI CA gets the CSR, and the signed certificate is returned. That’s a good thing to me at this point, so I would say ship it. But I believe it would be good to keep this in mind in the sidr-ops WG - if this proves operationally difficult then it may be something to discuss further later.
> 
> Tim
> 
>> On 3 Oct 2017, at 05:14, Christopher Morrow <christopher.morrow@gmail.com> wrote:
>> 
>> WG Folk,
>> I thought I had sent this note out previously, but... better late than never sent:
>> 
>> Please consider this the WGLC for:
>>  https://tools.ietf.org/html/draft-ietf-sidr-rtr-keying-13
>> 
>> Abstract:
>>  "BGPsec-speaking routers are provisioned with private keys in order to
>>   sign BGPsec announcements.  The corresponding public keys are
>>   published in the global Resource Public Key Infrastructure, enabling
>>   verification of BGPsec messages.  This document describes two methods
>>   of generating the public-private key-pairs: router-driven and
>>   operator-driven."
>> 
>> Please send along comments/complaints/issues/kudos (to the authors), to the list and I'll see you all in ~14 or so days.
>> 
>> Thanks!
>> -chris
>> co-chair
>> _______________________________________________
>> sidr mailing list
>> sidr@ietf.org
>> https://www.ietf.org/mailman/listinfo/sidr
> 