Hi Roque,
Thanks for the review and comments.
> General Comment:
> " Depending on the lookup result, we define a property for each route,
>called the "validity state". It can assume the values "valid", "not
>found", or "invalid"."
>
> You may want to consider calling it "Origin AS val
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : BGP Prefix Origin Validation State Extended Community
Author(s) : Pradosh Mohapatra
Speaking only as a regular ol' wg member:
The draft does not say why the mixed certificate prohibition was needed
in the first place.
The new text says:
This exception to the mixed algorithm suite certificate
rule is allowed because an EE certificate that is not used to verify
>> huh? i see the following:
> Arrgh. My bad. (I read the intro, I read TCP-AO, and I skipped to the
> end of the list.)
it is a carefully constructed yet painful compromise with reality.
> Never mind, what I want is already there.
do i get a refund? :)
randy
_
On Aug 2, 2011, at 11:37 AM, Randy Bush wrote:
>> Greetings again. Section 7 of draft-ietf-sidr-rpki-rtr-14 has a list
>> of supported transports. However, it does not list the one that some
>> people have said that they expect it to be run under sometimes, namely
>> bare TCP.
>
> huh? i see the
> Greetings again. Section 7 of draft-ietf-sidr-rpki-rtr-14 has a list
> of supported transports. However, it does not list the one that some
> people have said that they expect it to be run under sometimes, namely
> bare TCP.
huh? i see the following:
Caches and routers MUST implement unprot
On Aug 2, 2011, at 10:47 AM, Montgomery, Douglas wrote:
> As a practical matter, what do you think the effect of the "MUST" in the
> last sentence will be?
That vendors cannot provide bare TCP as a transport in a system that contains
no other security mechanisms.
On Aug 2, 2011, at 10:42 AM,
As a practical matter, what do you think the effect of the "MUST" in the
last sentence will be?
--
Doug Montgomery Mgr. Internet & Scalable Systems Research / ITL / NIST
On 8/2/11 1:34 PM, "Paul Hoffman" wrote:
>Greetings again. Section 7 of draft-ietf-sidr-rpki-rtr-14 has a list of
>su
On 8/2/2011 10:34 AM, Paul Hoffman wrote:
Greetings again. Section 7 of draft-ietf-sidr-rpki-rtr-14 has a list of
supported transports. However, it does not list the one that some people have
said that they expect it to be run under sometimes, namely bare TCP. If we all
know that this is lik
Greetings again. Section 7 of draft-ietf-sidr-rpki-rtr-14 has a list of
supported transports. However, it does not list the one that some people have
said that they expect it to be run under sometimes, namely bare TCP. If we all
know that this is likely to be the case, we should have it listed i
Dear WG,
I uploaded a new version of the draft preparing it for WGLC.
The only change is a requirement from the BGPSEC team to include a paragraph in
section 4.2 that clarifies that "mixed" certs are not allowed only for CA certs
but may be possible for EE certs that do not validate repository
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : Algorithm Agility Procedure for RPKI.
Author(s) : Roque Gagliano
12 matches
Mail list logo
