On 05/03/2012 03:57 AM, t.petch wrote: > A question arising from my ignorance. > > How do values in the security arc get assigned? Not IANA since there are no > IANA considerations, but how then?
good question... the below are asn.1 things, quickly searching around isn't helping me out much either :( Russ, any idea how this happens in practice? 'lick finger, test wind, guess number' seems like the wrong method... > > On the IANA profiles web page I can see > (1.3.6.1.5.5.4) > and > (1.3.6.1.5.5.8) > but no 1.3.6.1.5.5.7, just a reference to Russ. > > > Tom Petch > > ----- Original Message ----- > From: "Christopher Morrow" <morrowc.li...@gmail.com> > To: <sidr@ietf.org>; <sidr-cha...@ietf.org> > Sent: Friday, April 13, 2012 10:16 PM > > Helo WG peoples, > The following update posted today. Sean and Tom have come to agreement > on their differences, I believe this closes the last open items on > this document. > > Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012 > > Thanks! > -Chris > <co-chair> > > On Fri, Apr 13, 2012 at 3:03 PM, <internet-dra...@ietf.org> wrote: >> >> A New Internet-Draft is available from the on-line Internet-Drafts > directories. This draft is a work item of the Secure Inter-Domain Routing > Working Group of the IETF. >> >> Title : A Profile for BGPSEC Router Certificates, Certificate Revocation > Lists, and Certification Requests >> Author(s) : Mark Reynolds >> Sean Turner >> Steve Kent >> Filename : draft-ietf-sidr-bgpsec-pki-profiles-03.txt >> Pages : 11 >> Date : 2012-04-13 >> >> This document defines a standard profile for X.509 certificates for >> the purposes of supporting validation of Autonomous System (AS) paths >> in the Border Gateway Protocol (BGP), as part of an extension to that >> protocol known as BGPSEC. BGP is a critical component for the proper >> operation of the Internet as a whole. The BGPSEC protocol is under >> development as a component to address the requirement to provide >> security for the BGP protocol. The goal of BGPSEC is to design a >> protocol for full AS path validation based on the use of strong >> cryptographic primitives. The end-entity (EE) certificates specified >> by this profile are issued under Resource Public Key Infrastructure >> (RPKI) Certification Authority (CA) certificates, containing the AS >> Identifier Delegation extension, to routers within the Autonomous >> System (AS). The certificate asserts that the router(s) holding the >> private key are authorized to send out secure route advertisements on >> behalf of the specified AS. This document also profiles the >> Certificate Revocation List (CRL), profiles the format of >> certification requests, and specifies Relying Party certificate path >> validation procedures. The document extends the RPKI; therefore, >> this documents updates the RPKI Resource Certificates Profile (RFC >> 6487). >> >> >> A URL for this Internet-Draft is: >> http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> This Internet-Draft can be retrieved at: >> ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt >> >> _______________________________________________ >> sidr mailing list >> sidr@ietf.org >> https://www.ietf.org/mailman/listinfo/sidr > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr > _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
