Re: [Sidrops] Test objects: ASPA and BGPSec Router Certificate

Di Ma <madi@rpstir.net> Sun, 24 July 2022 16:25 UTC

From: Di Ma <madi@rpstir.net>
To: Tim Bruijnzeels <tim@nlnetlabs.nl>
Cc: SIDR Operations WG <sidrops@ietf.org>
Date: Mon, 25 Jul 2022 00:25:00 +0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/6iysBzadO7yVRAWy5ibPOIhBTVw>

Tim,

Thanks for your efforts.

I am reporting two issues found while testing it with RPSTIR2.

1) We manage to decode and validate the asa object grammatically only if we use the very EE as TA, for we cannot locate its parent cert with the aki of the EE cert in question.

2) The asa is not calculated into the MFT.

Di

> On 22 July 2022, at 21:02, Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
> 
> Dear WG,
> 
> I just published a BGPSec Router Certificate and an ASPA
> object under a test CA in our testbed. The CA uses the
> following rsync base:
> 
> rsync://testbed.krill.cloud/repo/local-testbed-child/0/
> 
> The TAL for this testbed lives here:
> https://testbed.krill.cloud/testbed.tal
> 
> BGPSec:
> -------
> 
> file: ROUTER-00033979-17316903F0671229E8808BA8E8AB0105FA915A07.cer
> 
> This is valid according to our own probing, but please let
> me know if you find any issues with it.
> 
> ASPA:
> -----
> 
> file: AS211321.asa
> 
> The ASPA file still follows the aspa-profile-08, which I
> believe is unchanged from what was discussed around the end
> of 2021. I can change this after consensus has been reached,
> but it may be helpful to have an actual object to look at.
> 
> Please let me know if you find any issues with either object.
> 
> Thanks!
> 
> Tim
> 