Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-algs-12.txt

2015-11-04 Thread Sean Turner
On Nov 04, 2015, at 20:14, t.petch  wrote:
> 
> - Original Message -
> From: "Sean Turner" 
> To: "sidr wg list" 
> Sent: Tuesday, November 03, 2015 2:07 AM
> 
>> Incorporates comments received during WGLC.
>> 
>> Willing to be shouted down on the tweaks in the IANA considerations
>> section, but I am hoping that we can move progress this version of the
>> document towards our AD.
> 
> Sean
> 
> More a gentle nudge than a shout.
> 
> draft-leiba-cotton-iana-5226bis-11 introduces the idea of a registry
> being within a group and this I-D makes no mention of the latter.  Is
> the intent to have a new BGPsec Group, slotting in between Battery
> Technologies and BFD, or is it part of the existing RPKI Group?  I
> suggest making that explicit in the IANA Considerations.

Oh, good idea. I think we should put the BGPsec registry in the RPKI group, so 
how about:

  The Internet Assigned Numbers Authority (IANA) is requested
  to define the "BGPsec Algorithm Suite Registry" described below
  in the Resource Public Key Infrastructure (RPKI) group.  

> And to make the IANA Considerations complete of themselves, since they
> get extracted onto a web site, should there be a reference to the
> constraints imposed on the algorithms in section two i.e. the two
> algorithms to be registered must be as specified in rfc6485bis?  An
> rfc6485ter would then have to have IANA Considerations to update that
> part but I expect we would remember to do that.

So there’s no registry for the algorithms used to sign RPKI objects.  Folks 
that start out in IANA registries will need to follow some bread crumbs from 
ROAs, Manifests, and Ghostbusters to 6487 to 6485bis.  BGPsec will be no 
different in this regard.  Again, this assumes readers start in the IANA 
registries, which I hope is not where they’re starting ;)

spt
___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr


[sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-15.txt

2015-11-04 Thread internet-drafts

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Secure Inter-Domain Routing Working Group of 
the IETF.

Title   : A Profile for BGPsec Router Certificates, Certificate 
Revocation Lists, and Certification Requests
Authors : Mark Reynolds
  Sean Turner
  Stephen Kent
Filename: draft-ietf-sidr-bgpsec-pki-profiles-15.txt
Pages   : 13
Date: 2015-11-04

Abstract:
   This document defines a standard profile for X.509 certificates used
   to enable validation of Autonomous System (AS) paths in the Border
   Gateway Protocol (BGP), as part of an extension to that protocol
   known as BGPsec.  BGP is the standard for inter-domain routing in the
   Internet; it is the "glue" that holds the Internet together. BGPsec
   is being developed as one component of a solution that addresses the
   requirement to provide security for BGP.  The goal of BGPsec is to
   provide full AS path validation based on the use of strong
   cryptographic primitives.  The end-entity (EE) certificates specified
   by this profile are issued (to routers within an Autonomous System).
   Each of these certificates is issued under a Resource Public Key
   Infrastructure (RPKI) Certification Authority (CA) certificate.
   These CA certificates and EE certificates both contain the AS
   Identifier Delegation extension.  An EE certificate of this type
   asserts that the router(s) holding the corresponding private key are
   authorized to emit secure route advertisements on behalf of the
   AS(es) specified in the certificate.  This document also profiles the
   format of certification requests, and specifies Relying Party (RP)
   certificate path validation procedures for these EE certificates.
   This document extends the RPKI; therefore, this documents updates the
   RPKI Resource Certificates Profile (RFC 6487).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-pki-profiles/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-15

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-pki-profiles-15


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-15.txt

2015-11-04 Thread Sean Turner
tl;dr: new versions since -13 to address editorial comments - changed from BCP 
to standards track

Sandy noted that at some point this draft switched to BCP.  For the life of me, 
I can’t remember the rationale for that change, especially since this draft is 
updating a standards track RFC.  I changed the intended track to the more 
defensible standards track.

spt

> On Nov 05, 2015, at 08:15, internet-dra...@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Secure Inter-Domain Routing Working Group of 
> the IETF.
> 
>Title   : A Profile for BGPsec Router Certificates, 
> Certificate Revocation Lists, and Certification Requests
>Authors : Mark Reynolds
>  Sean Turner
>  Stephen Kent
>   Filename: draft-ietf-sidr-bgpsec-pki-profiles-15.txt
>   Pages   : 13
>   Date: 2015-11-04
> 
> Abstract:
>   This document defines a standard profile for X.509 certificates used
>   to enable validation of Autonomous System (AS) paths in the Border
>   Gateway Protocol (BGP), as part of an extension to that protocol
>   known as BGPsec.  BGP is the standard for inter-domain routing in the
>   Internet; it is the "glue" that holds the Internet together. BGPsec
>   is being developed as one component of a solution that addresses the
>   requirement to provide security for BGP.  The goal of BGPsec is to
>   provide full AS path validation based on the use of strong
>   cryptographic primitives.  The end-entity (EE) certificates specified
>   by this profile are issued (to routers within an Autonomous System).
>   Each of these certificates is issued under a Resource Public Key
>   Infrastructure (RPKI) Certification Authority (CA) certificate.
>   These CA certificates and EE certificates both contain the AS
>   Identifier Delegation extension.  An EE certificate of this type
>   asserts that the router(s) holding the corresponding private key are
>   authorized to emit secure route advertisements on behalf of the
>   AS(es) specified in the certificate.  This document also profiles the
>   format of certification requests, and specifies Relying Party (RP)
>   certificate path validation procedures for these EE certificates.
>   This document extends the RPKI; therefore, this documents updates the
>   RPKI Resource Certificates Profile (RFC 6487).
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-pki-profiles/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-15
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-pki-profiles-15
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 


Re: [sidr] new agenda uploaded

2015-11-04 Thread John G. Scudder
If you don't mind uploading a new new one to reflect the current plan for 
Friday, it would be helpful. Thanks!

--John

> On Nov 3, 2015, at 7:48 AM, Sandra Murphy  wrote:
> 
> A new agenda was uploaded.
> 
> Thanks to Tim for catching an error in the header, a holdover from a long ago 
> agenda.
> 
> —Sandy



Re: [sidr] new agenda uploaded

2015-11-04 Thread Sandra Murphy
I uploaded a new agenda, moving Rob’s time on Friday to Tuesday without any 
attempt to represent Tue timing, moved Randy’s presentation on router keying to 
Friday, and added a presentation of validation reconsidered.

Still on the Friday agenda are Steve Kent and Yu Fu talking about bad CAs.

—Sandy, speaking as a wg co-chair


On Nov 5, 2015, at 2:42 PM, John G. Scudder  wrote:

> If you don't mind uploading a new new one to reflect the current plan for 
> Friday, it would be helpful. Thanks!
> 
> --John
> 
>> On Nov 3, 2015, at 7:48 AM, Sandra Murphy  wrote:
>> 
>> A new agenda was uploaded.
>> 
>> Thanks to Tim for catching an error in the header, a holdover from a long ago 
>> agenda.
>> 
>> —Sandy
> 


Re: [sidr] Validation reconsidered draft status

2015-11-04 Thread Christopher Morrow
hurray! ambiguity in questions was raised by an interested party...

I'd rather do this Friday at the end of the meeting with a short
presentation/conversation.

-chris

On Tue, Nov 3, 2015 at 8:21 PM, Christopher Morrow
 wrote:
> During the meeting today (tues 11/3/2015) one of the authors of:
>   draft-ietf-sidr-rpki-validation-reconsidered
>
> noted that after the last set of updates and over the history of the
> document (2+yrs) there's been no real support nor direction from the
> working-group. Additionally, all co-authors noted that the lack of
> support and direction meant that abandoning the draft seemed like the
> best current direction.
>
> The primary author: Geoff Huston (g...@apnic.net) is willing to toss
> the XML over the fence to another author/editor if there is interest,
> or to let the draft expire/die if no one is willing to take up the
> pencil.
>
> Over the next three weeks let's discuss the direction/end-goal and
> determine if 'abandon' or 'new author' is the best course of action
> here.
>
> -chris
> sidr-co-chair



Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-algs-12.txt

2015-11-04 Thread t . petch
- Original Message -
From: "Sean Turner" 
To: "sidr wg list" 
Sent: Tuesday, November 03, 2015 2:07 AM

> Incorporates comments received during WGLC.
>
> Willing to be shouted down on the tweaks in the IANA considerations
> section, but I am hoping that we can move progress this version of the
> document towards our AD.

Sean

More a gentle nudge than a shout.

draft-leiba-cotton-iana-5226bis-11 introduces the idea of a registry
being within a group and this I-D makes no mention of the latter.  Is
the intent to have a new BGPsec Group, slotting in between Battery
Technologies and BFD, or is it part of the existing RPKI Group?  I
suggest making that explicit in the IANA Considerations.

And to make the IANA Considerations complete of themselves, since they
get extracted onto a web site, should there be a reference to the
constraints imposed on the algorithms in section two i.e. the two
algorithms to be registered must be as specified in rfc6485bis?  An
rfc6485ter would then have to have IANA Considerations to update that
part but I expect we would remember to do that.

Tom Petch






>
> spt
>
> > On Nov 03, 2015, at 11:03, internet-dra...@ietf.org wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.
> >
> >Title   : BGPsec Algorithms, Key Formats, & Signature Formats
> >Author  : Sean Turner
> > Filename: draft-ietf-sidr-bgpsec-algs-12.txt
> > Pages   : 7
> > Date: 2015-11-02
> >
> > Abstract:
> >   This document specifies the algorithms, algorithms' parameters,
> >   asymmetric key formats, asymmetric key size and signature format used
> >   in BGPsec (Border Gateway Protocol Security).  This document updates
> >   the Profile for Algorithms and Key Sizes for use in the Resource
> >   Public Key Infrastructure (draft-ietf-sidr-rfc6485bis).
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-algs/
> >
> > There's also a htmlized version available at:
> > https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs-12
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-algs-12
> >
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >