Randy Bush wrote:
And is there any reason why algorithm agility won't just work?
how do you capability negotiate with a cert? i understand how to do it
with a protocol peer, but not a static object.
not that i think your desire is bad, i just don't see how to get there
from here.
i
I'd be willing to help.
spt
Stephen Kent wrote:
Sandy,
I will be happy to work on both drafts, assuming others volunteer :-).
Steve
___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
Geoff,
In the rpki-algs document there's a note in section 3 that talks about
algorithm agility. Part of it copied below:
The alternate approach, of allowing
multiple signature algorithms in the RPKI certificate profile, and in
the specification of CMS signatures as used in manifests, ROAS,
Rob Austein wrote:
I need to read this thread a couple more times before I'll be sure I
really understand all the questions Steve is asking, but one
particular paragraph leapt out at me:
At Fri, 11 Jun 2010 18:08:23 -0400, Steve Kent wrote:
...
One implication of this initial design is that
can't be explained and it's causing problems for key
rollover, then maybe we should drop the checks.
spt
Dave
On 06/15/2010 03:14 PM, Sean Turner wrote:
Did you see something in Section 6.1 of RFC 5280 that made you think
AIA should be used during path validation? If you use the
id-caIssuers
I think this draft is in very good shape. Here are my (mostly minor)
comments on this I-D. IMHO this draft is good to go after
incorporating these changes.
spt
--
1) Abstract: r/the Resource Public Key Infrastructure/the Resource
Public Key Infrastructure (RPKI)
2) Sec 1, 1st para:
This version addressed my comments.
Thanks!
spt
internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : Signed Object
I really like the way the -roa draft works with the -signed-objects
draft. The -roa draft just points to the -signed-objects and says
what you have to do in addition. I really think this is the way to go
for this draft and the -manifest draft.
One thing I noted about the -roa draft is that
This addresses all of my CP concerns/comments.
Thanks,
spt
internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title :
I think this version looks great with one exception. I believe the
last paragraph in Section 5 (repeated below for convenience) should be
deleted:
In anticipation of a potential need to transition to stronger
cryptographic algorithms in the future, CAs and RPs SHOULD be able to
generate
because the algorithm and key format are identical to
2048-bit RSA modulo the size of the fields.
(or something like that)
spt
Dave
On 10/12/2010 02:06 PM, Sean Turner wrote:
I think this version looks great with one exception. I believe the
last paragraph in Section 5 (repeated below
11/6/2010 4:11 AM, Sandra Murphy wrote:
The authors of draft-ietf-sidr-signed-object-01
(http://tools.ietf.org/html/draft-ietf-sidr-signed-object-01) have
requested a working group last call.
The chairs ask the working group to consider this draft and decide if it
is worthy of publication.
On Fri, 5 Nov 2010, Sandra Murphy wrote:
The authors of draft-ietf-sidr-signed-object-01
(http://tools.ietf.org/html/draft-ietf-sidr-signed-object-01) have
requested a working group last call.
The chairs ask the working group to consider this draft and decide if
it is worthy of publication.
On 11/6/2010 4:15 AM, Sandra Murphy wrote:
On 14 September, Chris Morrow, with wg fedora on, said of
draft-ietf-sidr-ta-04:
Unless there are complaints about this, please get a last rev in
before Bejing so it can start LC just before the meeting.
The authors have submitted a new version
On 11/9/2010 2:00 PM, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : A Profile for Route Origin Authorizations
Sandy,
I'd support moving this draft forward once an ASN.1 module is added in
an appendix (like the manifest draft).
spt
On 11/17/10 11:55 PM, Sandra Murphy wrote:
Matt Lepinski has requested a WG LC for draft A Profile for Route
Origin Authorizations (ROAs).
The document and the draft
Sandy,
I hate to hold this document up for this, but the example in Appendix B
shows two AKI extensions in the CRL. Shouldn't there be only one (ala
the highlander)?.
spt
On 11/17/10 11:56 PM, Sandra Murphy wrote:
Geoff Huston has requested a WG LC for draft A Profile for X.509 PKIX
Sandy,
I support progressing this document.
spt
On 11/17/10 11:58 PM, Sandra Murphy wrote:
Geoff Huston has requested a WG LC for draft A Profile for Algorithms
and Key Sizes for use in the Resource Public Key Infrastructure.
The document and the draft version history are available at
Sandy,
I support progressing this draft.
spt
On 11/17/10 11:59 PM, Sandra Murphy wrote:
Geoff Huston has requested a WG LC for draft Manifests for the
Resource Public Key Infrastructure.
The document and the draft version history are available at
Sandy,
My only reservation with this document before I support progressing it
is the following from section 4.2:
When a key rollover occurs, the EE certificate for the RPKI signed
object MUST be re-issued, under the key of the NEW CA. A CA MAY
choose to treat this EE certificate the same
):
q66IrWSGuBE7jqx8PAUHAlHCqRw
can we do this as part of the wrap up of the last call rather than a new round?
Geoff
On 01/12/2010, at 10:50 PM, Sean Turner wrote:
Sandy,
I hate to hold this document up for this, but the example in Appendix B shows
two AKI extensions in the CRL. Shouldn't
I now fully support progressing this draft.
spt
On 12/2/10 2:00 PM, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title
Lots of hats in this WG... With my nit-noid checker hat on ;)
- Should this be a BCP or standards track?
- Expand RPKI in abstract and introduction
- Sec 2: r/description od/description of
- Sec 3: r/, [I-D.ietf-sidr-rpki-manifests]./
, and [I-D.ietf-sidr-rpki-manifests].
- Add
On 2/10/11 9:14 PM, Terry Manderson wrote:
Hi Sean,
Thank you for your careful review.
Purely selfish on my part ;) Turns out to be less email now rather than
later.
On 11/02/11 11:31 AM, Sean Turnerturn...@ieca.com wrote:
Lots of hats in this WG... With my nit-noid checker hat on ;)
Hi,
.cer and .crl are already defined in RFC 2585 as part of the
application/pkix-cert and application/pkix-crl registrations. Can we
just point there?
Do we need media type registrations for application/sidr-manifest and
application/sidr-roa?
spt
On 2/16/11 7:16 PM, Geoff Huston wrote:
On Feb 21, 2011, at 1:15 PM, Christopher Morrow morrowc.li...@gmail.com wrote:
(not speaking for the authors, just observing some... also not
speaking as a co-chair)
On Mon, Feb 21, 2011 at 11:23 AM, t.petch daedu...@btconnect.com wrote:
I find this I-D problematic. The subject matter is
Hi,
I think this draft needs media type registrations for .mft and .roa.
.cer and .crl are already in RFC 2585. I think it needs media type
registration because every other draft I've ever seen that specifies a
file extension does so. RFC 2585 specifies .cer and .crl and they're in
a media
whether you think a new version is needed
before requesting publication.
--Sandy
On Thu, 10 Mar 2011, Sean Turner wrote:
Hi,
I think this draft needs media type registrations for .mft and .roa.
.cer and .crl are already in RFC 2585. I think it needs media type
registration because every other
I've read this document and support moving it forward.
Make sure to ask Stewart to send an email to the mailing list
ietf-ty...@ietf.org asking for comments on the Media Type section of
your specification.
spt
On 7/13/11 7:35 PM, Sandra Murphy wrote:
The chairs have received a request
On 8/3/11 8:43 PM, Randy Bush wrote:
The intention was to focus on the use case for the proposed changes
(BGPSEC certs).
what is a BGPSEC cert?
What Mark and I are currently proposing in
draft-turner-sidr-bgpsec-pki-profiles is that a BGPSEC certificate is a
special purpose Resource
I support both too.
spt
On 8/4/11 7:38 PM, Roque Gagliano wrote:
I support adoption of both documents with one comment:
On draft-ymbk-bgp-origin-validation-mib, I would not use the word ROATable.
The router does not interact with ROAs and I believe it is confusing.
In
On 8/5/11 2:11 PM, Sandra Murphy wrote:
On Thu, 4 Aug 2011, Sean Turner wrote:
On 8/3/11 8:43 PM, Randy Bush wrote:
The intention was to focus on the use case for the proposed changes
(BGPSEC certs).
what is a BGPSEC cert?
What Mark and I are currently proposing in
draft-turner-sidr
Sandy,
I just submitted these drafts to the repository.
spt
On 10/21/11 8:24 PM, Sandra Murphy wrote:
There has been much more retro-support for these two drafts than there
was during in the wglc timeframe. I suppose it just escaped everyone's
attention.
There is now sufficient support for
, Key Formats,amp; Signature Formats
Author(s) : Sean Turner
Filename: draft-ietf-sidr-bgpsec-algs-00.txt
Pages : 7
Date: 2011-10-24
This document specifies the algorithms, algorithms#39; parameters,
asymmetric key formats
Certificates, Certificate
Revocation Lists, and Certification Requests
Author(s) : Mark Reynolds
Sean Turner
Filename: draft-ietf-sidr-bgpsec-pki-profiles-00.txt
Pages : 10
Date: 2011-10-24
This document
So I ran through my presentation at a million miles an hour, but I did
get some comments. Here's what I think we ought to do to resolve them:
- From Russ H.: just use cn don't use cn + sn in subject. Rob A. went
and looked at the existing RPKI certs. cn+sn is used so we're going to
leave
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
Pages : 11
Date: 2011-12-05
This document defines a standard profile for X.509 certificates for
the purposes of supporting
.
Title : BGP Algorithms, Key Formats, Signature Formats
Author(s) : Sean Turner
Filename: draft-ietf-sidr-bgpsec-algs-01.txt
Pages : 7
Date: 2011-12-05
This document specifies the algorithms, algorithms
On 1/20/12 7:19 PM, Murphy, Sandra wrote:
The working group has been requested to adopt draft-ymbk-rpki-rtr-impl-01.txt
as a working group draft.
The draft is available at http://tools.ietf.org/html/draft-ymbk-rpki-rtr-impl.
Please respond to the list to say whether you accept this draft as a
-rtr-rekeying-00.txt
A new version of I-D, draft-ymbk-bgpsec-rtr-rekeying-00.txt has been succes=
sfully submitted by Sean Turner and posted to the IETF repository.
Filename:draft-ymbk-bgpsec-rtr-rekeying
Revision:00
Title: Router Keying for BGPsec
Creation date: 2012
On #3, I really like the idea of having interim meetings close to events
that are essentially operator-centric meetings. If this WG is in fact
going to have protocols/boxes deployed/run by operator folk, it'd be
really good to make it easy as possible for them to attend. I know some
attend
:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : BGP Algorithms, Key Formats, Signature Formats
Author(s) : Sean Turner
Router Certificates, Certificate
Revocation Lists, and Certification Requests
Author(s) : Mark Reynolds
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-01.txt
Pages : 11
from the on-line Internet-Drafts
directories. This draft is a work item of the Secure Inter-Domain Routing
Working Group of the IETF.
Title : A Profile for BGPSEC Router Certificates, Certificate Revocation
Lists, and Certification Requests
Author(s) : Mark Reynolds
Sean Turner
Steve Kent
On 7/2/12 6:37 PM, Warren Kumari wrote:
On Jun 28, 2012, at 4:45 PM, Murphy, Sandra wrote:
There were only two responses to this call for adoption. Both were positive
(and one was followed by extensive comments), but that's a pretty low
indication of wg interest.
On the chance that people
) : Mark Reynolds
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-03.txt
Pages : 11
Date: 2012-04-13
This document defines a standard profile for X.509 certificates
I watched/listened the meetecho recording through the HTML5 link.
Pretty cool.
Looking forward to the here's what I'm going to do as a result of the
meeting email from Matt.
BTW on 2.1 - my bad about forgetting that sending the NOTIFICATION
message ends the sessions. Consider the comment
, and Certification Requests
Author(s) : Mark Reynolds
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-04.txt
Pages : 12
Date: 2012-10-15
Abstract:
This document
The MIB doctors approved a change to MIB security considerations:
https://www.ietf.org/mail-archive/web/mib-doctors/current/msg01369.html
change here:
https://www.ietf.org/mail-archive/web/mib-doctors/current/msg01368.html
Need to make the following change in the security considerations:
OLD
Andy,
A couple of comments:
1) I'm hoping to constrain the type and number of qualifiers that can be
included.
5280 defines two types: cps (for certificate practice statements) and
unotice (to display info to relying parties when the certificate is
used). I'm hoping you just want the cps
Below are some comments on the draft. I also submitted my nits to the
editors.
0) Based on the assumption that draft-newton-sidr-policy-qualifiers will
be adopted because that's what the RIRs want should s1.2 or 1.5 also
include some information about where it can be found? This information
On Thu, Feb 28, 2013 at 9:30 AM, Sean Turner turn...@ieca.com wrote:
Below are some comments on the draft. I also submitted my nits to the
editors.
0) Based on the assumption that draft-newton-sidr-policy-qualifiers will be
adopted because that's what the RIRs want should s1.2 or 1.5 also include
some
Action: draft-ietf-sidr-rtr-keying-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Secure Inter-Domain Routing Working
Group of the IETF.
Title : Router Keying for BGPsec
Author(s) : Sean
+1
spt
On 3/11/13 9:56 AM, Carlos M. Martinez wrote:
I support WG adoption of this draft.
~Carlos
On 3/11/13 9:54 AM, Andy Newton wrote:
On 3/11/13 9:48 AM, Matthew Lepinski mlepinski.i...@gmail.com wrote:
This seems like quite a reasonable document, and I do not anticipate
that it would
Working Group of
the IETF.
Title : BGP Algorithms, Key Formats, Signature Formats
Author(s) : Sean Turner
Filename: draft-ietf-sidr-bgpsec-algs-04.txt
Pages : 7
Date: 2013-03-26
Abstract:
This document
.
Title : A Profile for BGPSEC Router Certificates, Certificate
Revocation Lists, and Certification Requests
Author(s) : Mark Reynolds
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-05
Routing Working Group of
the IETF.
Title : Router Keying for BGPsec
Author(s) : Sean Turner
Keyur Patel
Randy Bush
Filename: draft-ietf-sidr-rtr-keying-02.txt
Pages : 9
New version should be posted soon addressing this and some other reference
updaets.
spt
On Mar 11, 2014, at 11:56, Christopher Morrow morrowc.li...@gmail.com wrote:
On Tue, Mar 11, 2014 at 10:34 AM, Stephen Kent k...@bbn.com wrote:
Chris,
It was pointed out in passing (hallway/table
I think this one is ready for wglc ;)
nits that can be fixed whenever:
s6:
r/and [RFC6487] a apply to certificate and CRLs
/and [RFC6487] apply to certificates and CRLs
s8: Maybe consider just renaming s8 to “Changes since RFC 6485” and striking:
[Remove before publication.
Dear IESG,
On Feb 24, 2014, at 11:41, Stephen Kent k...@bbn.com wrote:
Rob,
Good catch.
Obscure little conflict that only an implementor would notice: there's
a three-way conflict between the current rtr-keying draft, the current
bgpsec-pki-profile draft, and the base RPKI certificate profile RFC.
: Sean Turner
Keyur Patel
Randy Bush
Filename: draft-ietf-sidr-rtr-keying-05.txt
Pages : 10
Date: 2014-04-29
Abstract:
BGPsec-speaking routers are provisioned with private keys to sign
On Apr 04, 2014, at 15:47, Geoff Huston g...@apnic.net wrote:
The authors of RFC 6487 can speak for themselves, but I think their
intent was to avoid requests for vanity names (CN=Joe's Pizza
instead of CN=4DF2D88957372FF9FDA05C70F2D9E8BA334CFF89), which could
be construed as eroding claims
On May 12, 2014, at 16:03, Randy Bush ra...@psg.com wrote:
Would it make sense to have the name that goes in the router
certificate then be something like “ROUTER-#-32_bit_BGP_Identifier”
where the # gets incremented everytime there’s a new key? For those
that love hard coded lengths this
private keys or not, but I’m not sure if there are
additional considerations that need to be discussed.
Thanks,
Wes
On 4/29/14, 10:14 AM, Sean Turner turn...@ieca.com wrote:
Hi,
This version includes a new section 4 that addresses key management
(i.e., keep a timer to make sure
On May 13, 2014, at 12:23, Randy Bush ra...@psg.com wrote:
Though I’m not sure that there is a huge distinction between disabling
BGPSec and taking the router offline since disabling BGPSec would trigger
neighbor session resets for capability renegotiation unless we’ve
specified otherwise in
is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : Router Keying for BGPsec
Authors : Sean Turner
Keyur Patel
.
Title : Router Keying for BGPsec
Authors : Sean Turner
Keyur Patel
Randy Bush
Filename: draft-ietf-sidr-rtr-keying-07.txt
Pages : 11
Date: 2014-05-23
Abstract
On Jul 02, 2014, at 10:00, Stephen Kent k...@bbn.com wrote:
Rob,
At Mon, 30 Jun 2014 11:27:03 -0400, Stephen Kent wrote:
I did suggest we might use other cert request mechanisms. EST is the
obvious, current, standards-based option for this, if folks want to
consider alternatives to
wrote:
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : BGP Algorithms, Key Formats, Signature Formats
Author : Sean Turner
And then I just noticed the section #ing is not sequential :( Stay tuned for
another version.
spt
On Jul 02, 2014, at 11:36, Sean Turner turn...@ieca.com wrote:
A minor update to move some references that were in the wrong place as well
as to correctly identify where the OID goes
On Jul 07, 2014, at 19:42, Sandra Murphy sa...@tislabs.com wrote:
On Jul 7, 2014, at 7:00 PM, Geoff Huston g...@apnic.net wrote:
the header of draft-ietf-sidr-bgpsec-algs-08 says:
Updates: 6485 (if approved)
so I'm still confused about the two 6485 update drafts.
Ah. So
WRT integrating the two specs … whatever is easier.
spt
On Jul 07, 2014, at 13:06, Matthew Lepinski mlepinski.i...@gmail.com wrote:
Oh, one other thing:
If anyone on this list thinks that instead of referencing as-migration, that
we are better off merging as-migration into
All,
I put my working copies of draft-ietf-sidr-bgpsec-pki-profiles and
draft-ietf-sidr-bgpsec-algs up on github:
https://github.com/seanturner/draft-ietf-sidr-bgpsec-pki-profiles
https://github.com/seanturner/draft-ietf-sidr-bgpsec-algs
spt
___
sidr
On Jul 02, 2014, at 11:16, Sean Turner turn...@ieca.com wrote:
On Jul 02, 2014, at 10:00, Stephen Kent k...@bbn.com wrote:
Rob,
At Mon, 30 Jun 2014 11:27:03 -0400, Stephen Kent wrote:
I did suggest we might use other cert request mechanisms. EST is the
obvious, current, standards-based
Authors : Mark Reynolds
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-08.txt
Pages : 13
Date: 2014-08-12
Abstract:
This document defines a standard
I’ve read this draft and support it progressing. One minor comment:
It would be nice if there was a short summary of the differences between this
version and RFC 6490. Maybe a new section 1.2 titled differences between this
version and RFC 6490:
This document obsoletes RFC 6490 by adding
AS.
or something like that?
spt
--Sandy, speaking as regular ol' member
On Aug 12, 2014, at 8:47 PM, Sean Turner turn...@ieca.com wrote:
This version incorporates the change discussed at IETF 90 - namely include
one and only one AS in the certificate.
The working version is also available
On Oct 08, 2014, at 09:50, Andreas Reuter andreas.rou...@googlemail.com wrote:
Hi,
I came across a (possible) oversight in RFC 6487, Section 4.4 about
the issuer field:
An issuer name MUST contain one instance of the CommonName attribute
and MAY contain one instance of the
On Oct 08, 2014, at 02:48, Randy Bush ra...@psg.com wrote:
Yep the issuer always gets to determine the subject name as per RFC
6487 s4.5 so how about we just leave that bit out and make that
sentence a note:
Note that more than one certificate can be issued to
an AS (i.e., more than one
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-09.txt
Pages : 13
Date: 2014-11-10
Abstract:
This document defines a standard profile for X.509 certificates for
the purposes
: BGP Algorithms, Key Formats, Signature Formats
Author : Sean Turner
Filename: draft-ietf-sidr-bgpsec-algs-09.txt
Pages : 7
Date: 2015-01-21
Abstract:
This document specifies the algorithms, algorithms' parameters
: A Profile for BGPSEC Router Certificates,
Certificate Revocation Lists, and Certification Requests
Authors : Mark Reynolds
Sean Turner
Steve Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-10.txt
: Router Keying for BGPsec
Authors : Sean Turner
Keyur Patel
Randy Bush
Filename: draft-ietf-sidr-rtr-keying-08.txt
Pages : 11
Date: 2015-01-21
Abstract:
BGPsec-speaking routers
On Mar 09, 2015, at 21:07, Richard Hansen rhan...@bbn.com wrote:
Hi all,
I have submitted a bis of RFC6487 as a -00 individual submission, and
will be presenting it in Dallas.
It's a minor change from RFC6487. Changes incorporated:
* all 3 verified errata
Faithfully includes the
On Apr 21, 2015, at 13:23, Richard Hansen rhan...@bbn.com wrote:
On 2015-04-21 02:24, Geoff Huston wrote:
I am trying very hard to understand why or how such a change affects
interoperability of running
code that is based on this specification. So far I’ve been unable to think
of an
On Apr 23, 2015, at 21:50, Richard Hansen rhan...@bbn.com wrote:
On 2015-04-21 18:49, Sean Turner wrote:
so I'd probably just leave it.
Are you saying that the errata process is too heavyweight for a minor
editorial typo like this? If so, is there a more appropriate way to
report
Not seeing any objections I’ll go ahead and spin a new version over the weekend.
spt
On Jun 02, 2015, at 13:32, David Mandelberg da...@mandelberg.org wrote:
Hi,
There's some text in draft-ietf-sidr-bgpsec-pki-profiles-10 sections 3.1 and
3.1.3 that I found confusing. For reference,
it
to you to decide whether that’s enough of a safety margin.
I think Richard gives his opinion in point 8 of this msg:
https://mailarchive.ietf.org/arch/msg/sidr/SLhN-BAOzQmxn-7GmfWxIc2VrrQ
spt
-G
On Thu, Aug 6, 2015 at 8:52 PM, Sean Turner turn...@ieca.com wrote:
On May 22, 2015, at 10:55
Saw you’re earlier msg, but figured I’d just reply to this one.
On Aug 07, 2015, at 12:07, Richard Hansen rhan...@bbn.com wrote:
On 2015-08-07 06:35, Randy Bush wrote:
This change would require certificates to be re-issued (or possibly
keys to be rolled) all the way down from Trust Anchors.
This one looks good - let’s ship it!
spt
On Jul 25, 2015, at 04:47, Geoff Huston g...@apnic.net wrote:
With many thanks to Richard Hansen for his editing of this draft, I believe
that
this draft addresses both the underlying tech issue that was unable to be
addressed
in an erratum, and
On May 22, 2015, at 10:55, Richard Hansen rhan...@bbn.com wrote:
Hi all,
A while back Sean Turner raised the idea of switching to SHA-256 for the
Subject Key Identifier while discussing rfc6487bis (see
http://article.gmane.org/gmane.ietf.sidr/6878). I see a couple of
reasons to do
.
Title : BGPsec Algorithms, Key Formats, Signature Formats
Author : Sean Turner
Filename: draft-ietf-sidr-bgpsec-algs-11.txt
Pages : 7
Date: 2015-08-06
Abstract:
This document specifies the algorithms
of
the IETF.
Title : BGPsec Algorithms, Key Formats, Signature Formats
Author : Sean Turner
Filename: draft-ietf-sidr-bgpsec-algs-10.txt
Pages : 7
Date: 2015-07-20
Abstract:
This document specifies
of
the IETF.
Title : Router Keying for BGPsec
Authors : Sean Turner
Keyur Patel
Randy Bush
Filename: draft-ietf-sidr-rtr-keying-09.txt
Pages : 11
Date: 2015-07
oup of
> the IETF.
>
>Title : BGPsec Algorithms, Key Formats, & Signature Formats
> Author : Sean Turner
> Filename: draft-ietf-sidr-bgpsec-algs-14.txt
> Pages : 7
> Date: 2015-11-10
>
> Abs
On Nov 04, 2015, at 20:14, t.petch <ie...@btconnect.com> wrote:
>
> - Original Message -----
> From: "Sean Turner" <s...@sn3rd.com>
> To: "sidr wg list" <sidr@ietf.org>
> Sent: Tuesday, November 03, 2015 2:07 AM
>
>> Incorporat
ting Working Group of
> the IETF.
>
>Title : A Profile for BGPsec Router Certificates,
> Certificate Revocation Lists, and Certification Requests
>Authors : Mark Reynolds
> Sean Turner
> Steph
tion Requests
>Authors : Mark Reynolds
> Sean Turner
> Stephen Kent
> Filename: draft-ietf-sidr-bgpsec-pki-profiles-14.txt
> Pages : 14
> Date: 2015-11-03
>
> Abstra
Here’s a file that shows the differences between the two procedures (I backed
out the capitalization changes). text1 is in 6487 (left) and text2 is in
validation-reconsidered (right).
spt
Title: Diff: text1.txt - text2.txt
text1.txt text2.txt
s.
> This draft is a work item of the Secure Inter-Domain Routing Working Group of
> the IETF.
>
>Title : BGPsec Algorithms, Key Formats, & Signature Formats
> Author : Sean Turner
> Filename: draft-ietf-sidr-bgpsec-al
1 - 100 of 152 matches
Mail list logo