Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-algs-12.txt
On Nov 04, 2015, at 20:14, t.petch wrote:
>
> - Original Message -
> From: "Sean Turner"
> To: "sidr wg list"
> Sent: Tuesday, November 03, 2015 2:07 AM
>
>> Incorporates comments received during WGLC.
>>
>> Willing to be shouted down on the tweaks in the IANA considerations
>> section, but I am hoping that we can move progress this version of the
>> document towards our AD.
>
> Sean
>
> More a gentle nudge than a shout.
>
> draft-leiba-cotton-iana-5226bis-11 introduces the idea of a registry
> being within a group and this I-D makes no mention of the latter. Is
> the intent to have a new BGPsec Group, slotting in between Battery
> Technologies and BFD, or is it part of the existing RPKI Group? I
> suggest making that explicit in the IANA Considerations.

Oh good idea. I think we should put the BGPsec registry in the RPKI group so how about:

  The Internet Assigned Numbers Authority (IANA) is requested to define the "BGPsec Algorithm Suite Registry" described below in the Resource Public Key Infrastructure (RPKI) group.

> And to make the IANA Considerations complete of themselves, since they
> get extracted onto a web site, should there be a reference to the
> constraints imposed on the algorithms in section two i.e. the two
> algorithms to be registered must be as specified in rfc6485bis? An
> rfc6485ter would then have to have IANA Considerations to update that
> part but I expect we would remember to do that.

So there’s no registry for the algorithms used to sign RPKI objects. Folks that start out in IANA registries will need to follow some bread crumbs from ROAs, Manifests, and Ghostbusters to 6487 to 6485bis. BGPsec will be no different in this regard. Again, this assumes readers start in the IANA registries, which I hope is not where they’re starting ;)

spt

___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
[sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-15.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.

Title    : A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests
Authors  : Mark Reynolds
           Sean Turner
           Stephen Kent
Filename : draft-ietf-sidr-bgpsec-pki-profiles-15.txt
Pages    : 13
Date     : 2015-11-04

Abstract:
This document defines a standard profile for X.509 certificates used to enable validation of Autonomous System (AS) paths in the Border Gateway Protocol (BGP), as part of an extension to that protocol known as BGPsec. BGP is the standard for inter-domain routing in the Internet; it is the "glue" that holds the Internet together. BGPsec is being developed as one component of a solution that addresses the requirement to provide security for BGP. The goal of BGPsec is to provide full AS path validation based on the use of strong cryptographic primitives. The end-entity (EE) certificates specified by this profile are issued (to routers within an Autonomous System). Each of these certificates is issued under a Resource Public Key Infrastructure (RPKI) Certification Authority (CA) certificate. These CA certificates and EE certificates both contain the AS Identifier Delegation extension. An EE certificate of this type asserts that the router(s) holding the corresponding private key are authorized to emit secure route advertisements on behalf of the AS(es) specified in the certificate. This document also profiles the format of certification requests, and specifies Relying Party (RP) certificate path validation procedures for these EE certificates. This document extends the RPKI; therefore, this documents updates the RPKI Resource Certificates Profile (RFC 6487).

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-pki-profiles/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-15

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-pki-profiles-15

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-pki-profiles-15.txt
tl;dr: new versions since -13 to address editorial comments - changed from BCP to standards track

Sandy noted that at some point this draft switched to BCP. For the life of me, I can’t remember the rationale for that change, especially since this draft is updating a standards track RFC. I changed the intended track to the more defensible standards track.

spt

> On Nov 05, 2015, at 08:15, internet-dra...@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.
>
> Title    : A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests
> Authors  : Mark Reynolds
>            Sean Turner
>            Stephen Kent
> Filename : draft-ietf-sidr-bgpsec-pki-profiles-15.txt
> Pages    : 13
> Date     : 2015-11-04
>
> Abstract:
> This document defines a standard profile for X.509 certificates used
> to enable validation of Autonomous System (AS) paths in the Border
> Gateway Protocol (BGP), as part of an extension to that protocol
> known as BGPsec. BGP is the standard for inter-domain routing in the
> Internet; it is the "glue" that holds the Internet together. BGPsec
> is being developed as one component of a solution that addresses the
> requirement to provide security for BGP. The goal of BGPsec is to
> provide full AS path validation based on the use of strong
> cryptographic primitives. The end-entity (EE) certificates specified
> by this profile are issued (to routers within an Autonomous System).
> Each of these certificates is issued under a Resource Public Key
> Infrastructure (RPKI) Certification Authority (CA) certificate.
> These CA certificates and EE certificates both contain the AS
> Identifier Delegation extension. An EE certificate of this type
> asserts that the router(s) holding the corresponding private key are
> authorized to emit secure route advertisements on behalf of the
> AS(es) specified in the certificate. This document also profiles the
> format of certification requests, and specifies Relying Party (RP)
> certificate path validation procedures for these EE certificates.
> This document extends the RPKI; therefore, this documents updates the
> RPKI Resource Certificates Profile (RFC 6487).
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-pki-profiles/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles-15
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-pki-profiles-15
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
Re: [sidr] new agenda uploaded
If you don't mind uploading a new new one to reflect the current plan for Friday, it would be helpful. Thanks!

--John

> On Nov 3, 2015, at 7:48 AM, Sandra Murphy wrote:
>
> A new agenda was uploaded.
>
> Thanks to Tim for catching an error in the header, a holdover from a long ago
> agenda.
>
> —Sandy
Re: [sidr] new agenda uploaded
I uploaded a new agenda, moving Rob’s time on Friday to Tuesday without any attempt to represent Tue timing, moved Randy’s presentation on router keying to Friday, and added a presentation of validation reconsidered.

Still on the Friday agenda are Steve Kent and Yu Fu talking about bad CAs.

—Sandy, speaking as a wg co-chair

On Nov 5, 2015, at 2:42 PM, John G. Scudder wrote:

> If you don't mind uploading a new new one to reflect the current plan for
> Friday, it would be helpful. Thanks!
>
> --John
>
>> On Nov 3, 2015, at 7:48 AM, Sandra Murphy wrote:
>>
>> A new agenda was uploaded.
>>
>> Thanks to Tim for catching an error in the header, a holdover from a long ago
>> agenda.
>>
>> —Sandy
Re: [sidr] Validation reconsidered draft status
hurray! ambiguity in questions was raised by an interested party...

I'd rather do this Friday at the end of the meeting with a short presentation/conversation.

-chris

On Tue, Nov 3, 2015 at 8:21 PM, Christopher Morrow wrote:
> During the meeting today (tues 11/3/2015) one of the authors of:
> draft-ietf-sidr-rpki-validation-reconsidered
>
> noted that after the last set of updates and over the history of the
> document (2+yrs) there's been no real support nor direction from the
> working-group. Additionally, all co-authors noted that the lack of
> support and direction meant that abandoning the draft seemed like the
> best current direction.
>
> The primary author: Geoff Huston (g...@apnic.net) is willing to toss
> the XML over the fence to another author/editor if there is interest,
> or to let the draft expire/die if no one is willing to take up the
> pencil.
>
> Over the next three weeks let's discuss the direction/end-goal and
> determine if 'abandon' or 'new author' is the best course of action
> here.
>
> -chris
> sidr-co-chair
Re: [sidr] I-D Action: draft-ietf-sidr-bgpsec-algs-12.txt
- Original Message -
From: "Sean Turner"
To: "sidr wg list"
Sent: Tuesday, November 03, 2015 2:07 AM

> Incorporates comments received during WGLC.
>
> Willing to be shouted down on the tweaks in the IANA considerations
> section, but I am hoping that we can move progress this version of the
> document towards our AD.

Sean

More a gentle nudge than a shout.

draft-leiba-cotton-iana-5226bis-11 introduces the idea of a registry being within a group and this I-D makes no mention of the latter. Is the intent to have a new BGPsec Group, slotting in between Battery Technologies and BFD, or is it part of the existing RPKI Group? I suggest making that explicit in the IANA Considerations.

And to make the IANA Considerations complete of themselves, since they get extracted onto a web site, should there be a reference to the constraints imposed on the algorithms in section two i.e. the two algorithms to be registered must be as specified in rfc6485bis? An rfc6485ter would then have to have IANA Considerations to update that part but I expect we would remember to do that.

Tom Petch

>
> spt
>
> > On Nov 03, 2015, at 11:03, internet-dra...@ietf.org wrote:
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.
> >
> > Title    : BGPsec Algorithms, Key Formats, & Signature Formats
> > Author   : Sean Turner
> > Filename : draft-ietf-sidr-bgpsec-algs-12.txt
> > Pages    : 7
> > Date     : 2015-11-02
> >
> > Abstract:
> > This document specifies the algorithms, algorithms' parameters,
> > asymmetric key formats, asymmetric key size and signature format used
> > in BGPsec (Border Gateway Protocol Security). This document updates
> > the Profile for Algorithms and Key Sizes for use in the Resource
> > Public Key Infrastructure (draft-ietf-sidr-rfc6485bis).
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-algs/
> >
> > There's also a htmlized version available at:
> > https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs-12
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-algs-12
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/