Dave,

Section 6.3 of RFC 3971 contains a certificate profile for routing authorization in X.509 certs. If that is somehow insufficient or lacking, then there definitely needs to be a charter item in the charter addressing the issue.

                  jak


----- Original Message -----
From: "Dave Thaler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 06, 2007 6:44 PM
Subject: RE: [Int-area] Re: SeND & CGA Extensions BOF


Right, there is work on making CGAs crypto-agile and it was presented in
a previous int-area meeting at IETF 66
(http://www3.ietf.org/proceedings/06jul/minutes/intarea.txt item 6).

However, there's another SEND issue that arose in a discussion I was in.
Is there any EKU defined for the X.509 certs used for securing Router
Discovery, that authorizes use as a router?  I can't find one, meaning
the only option is to issue a cert that is valid for all possible
purposes.  Or am I missing something?

-Dave

-----Original Message-----
From: Suresh Krishnan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 04, 2007 10:10 AM
To: Bernard Aboba
Cc: [EMAIL PROTECTED]
Subject: Re: [Int-area] Re: SeND & CGA Extensions BOF

Hi Bernard,

Bernard Aboba wrote:
> I have a basic concern with the use of CGA in the IETF, which is that the
> CGA design is not currently crypto-agile.

Yes. This is a big concern. Marcelo and Jari wrote a draft about
updating CGAs to use multiple hash functions.


http://www.ietf.org/internet-drafts/draft-bagnulo-multiple-hash-cga-03.txt

This is an individual submission and is in the RFC Editor's queue.

Cheers
Suresh


_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area


