I have read the -03 version of bgpsec profiles. I think the current version of the document is solid. But I don't think the protocol spec is quite stable enough to say "we aren't going to be making any changes to the bgpsec protocol that will require a change to the profiles document" ... but I hope the protocol spec will soon (several months) be that stable.

- Matt Lepinski

On 4/13/2012 5:26 PM, Brian Dickson wrote:
While I think the document may be pretty solid currently, the meta-issue of the tail wagging the dog exists.

I.e. There still exists the potential for additional requirements to surface, related to the design and implementation of the bgpsec protocol, which have the potential to "inform" additional requirements for the EE certs, and/or other (new) cert types.

So, even if it passes WGLC intact, I'm of the opinion that it should be kept in the "hold" buffer, until the other work goes through more substantial development and review cycles.

Brian

On Fri, Apr 13, 2012 at 4:16 PM, Christopher Morrow <morrowc.li...@gmail.com> wrote:

    Hello WG peoples,
    The following update posted today. Sean and Tom have come to agreement
    on their differences, I believe this closes the last open items on
    this document.

    Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

    Thanks!
    -Chris
    <co-chair>

    On Fri, Apr 13, 2012 at 3:03 PM, <internet-dra...@ietf.org> wrote:
    >
    > A New Internet-Draft is available from the on-line Internet-Drafts
    > directories. This draft is a work item of the Secure Inter-Domain
    > Routing Working Group of the IETF.
    >
    >        Title           : A Profile for BGPSEC Router Certificates,
    >                          Certificate Revocation Lists, and
    >                          Certification Requests
    >        Author(s)       : Mark Reynolds
    >                          Sean Turner
    >                          Steve Kent
    >        Filename        : draft-ietf-sidr-bgpsec-pki-profiles-03.txt
    >        Pages           : 11
    >        Date            : 2012-04-13
    >
    >   This document defines a standard profile for X.509 certificates for
    >   the purposes of supporting validation of Autonomous System (AS) paths
    >   in the Border Gateway Protocol (BGP), as part of an extension to that
    >   protocol known as BGPSEC.  BGP is a critical component for the proper
    >   operation of the Internet as a whole.  The BGPSEC protocol is under
    >   development as a component to address the requirement to provide
    >   security for the BGP protocol.  The goal of BGPSEC is to design a
    >   protocol for full AS path validation based on the use of strong
    >   cryptographic primitives.  The end-entity (EE) certificates specified
    >   by this profile are issued under Resource Public Key Infrastructure
    >   (RPKI) Certification Authority (CA) certificates, containing the AS
    >   Identifier Delegation extension, to routers within the Autonomous
    >   System (AS).  The certificate asserts that the router(s) holding the
    >   private key are authorized to send out secure route advertisements on
    >   behalf of the specified AS.  This document also profiles the
    >   Certificate Revocation List (CRL), profiles the format of
    >   certification requests, and specifies Relying Party certificate path
    >   validation procedures.  The document extends the RPKI; therefore,
    >   this document updates the RPKI Resource Certificates Profile (RFC
    >   6487).
    >
    >
    > A URL for this Internet-Draft is:
    > http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
    >
    > Internet-Drafts are also available by anonymous FTP at:
    > ftp://ftp.ietf.org/internet-drafts/
    >
    > This Internet-Draft can be retrieved at:
    > ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt
    >
    > _______________________________________________
    > sidr mailing list
    > sidr@ietf.org
    > https://www.ietf.org/mailman/listinfo/sidr