Well, when u compared the key mgmt that is done today w/ the key mgmt that will need to be done with bgpsec keys on routers, I think there was a strained analogy. I'm talking about the latter, but I was trying to indulge the discussion. ;)

Eric

----- Original Message -----
From: Chris Morrow [mailto:morr...@ops-netman.net]
Sent: Friday, May 04, 2012 10:18 PM
To: Osterweil, Eric
Cc: 'morrowc.li...@gmail.com' <morrowc.li...@gmail.com>; 'sandra.mur...@sparta.com' <sandra.mur...@sparta.com>; 'da...@tcb.net' <da...@tcb.net>; 'sidr@ietf.org' <sidr@ietf.org>; 'sidr-cha...@tools.ietf.org' <sidr-cha...@tools.ietf.org>; 'sidr-...@tools.ietf.org' <sidr-...@tools.ietf.org>
Subject: Re: [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda: 04-30-2012 (April 30, 2012)))

On 05/04/2012 10:06 PM, Osterweil, Eric wrote:
> Hey Chris,
>
> The implications of putting signatures on updates that are both
> globally visible/verifiable and implicitly give object-level security
> to updates is WAY different than the semantics of the keying done
> today. The implications of the scope of these keys puts them in a
> much different role. I was assuming that was clear, but maybe not?

I think we're talking about 2 different (at least) things...

> Eric
>
>
> ----- Original Message ----- From: Christopher Morrow
> [mailto:morrowc.li...@gmail.com] Sent: Friday, May 04, 2012 09:54 PM
> To: Osterweil, Eric Cc:
> morr...@ops-netman.net<morr...@ops-netman.net>;
> sandra.mur...@sparta.com<sandra.mur...@sparta.com>;
> da...@tcb.net<da...@tcb.net>; sidr@ietf.org<sidr@ietf.org>;
> sidr-cha...@tools.ietf.org<sidr-cha...@tools.ietf.org>;
> sidr-...@tools.ietf.org<sidr-...@tools.ietf.org> Subject: Re: [sidr]
> RPKI and private keys (was RE: Interim Meeting Draft Agenda:
> 04-30-2012 (April 30, 2012)))
>
> On Fri, May 4, 2012 at 9:37 PM, Osterweil,
> Eric<eosterw...@verisign.com> wrote:
>> Hey Chris,
>>
>> Yeah, I read that. I know there's a tendency for some people to
>> want to talk about bath houses on this list, but I was going to
>> pass on that.
>>
>> As for draft-ymbk-bgpsec-rtr-rekeying-00.txt, that draft just
>> points out the inadequacies of either approach and that there is no
>> good solution. My take is that this is indicative of a misalignment
>> between a given architecture and implicit requirements. Sometimes
>> you can't patch the holes in a leaky ship, you need to reassess the
>> requirements. I think the evidence illustrates that this is the
>> case here.
>>
>
> it seems to me that putting key-material on a distant router is done
> today... isn't it? or are you saying that how you do it today leaves
> you feeling icky, and you'd rather another method be devised?
>
> Could you outline a possible method? (provide a solution, for
> instance)
>
>> Eric
>>
>>
>> ----- Original Message ----- From: Chris Morrow
>> [mailto:morr...@ops-netman.net] Sent: Friday, May 04, 2012 09:28
>> PM To: Osterweil, Eric Cc:
>> 'sandra.mur...@sparta.com'<sandra.mur...@sparta.com>;
>> 'da...@tcb.net'<da...@tcb.net>;
>> 'morrowc.li...@gmail.com'<morrowc.li...@gmail.com>;
>> 'sidr@ietf.org'<sidr@ietf.org>;
>> 'sidr-cha...@tools.ietf.org'<sidr-cha...@tools.ietf.org>;
>> 'sidr-...@tools.ietf.org'<sidr-...@tools.ietf.org> Subject: Re:
>> [sidr] RPKI and private keys (was RE: Interim Meeting Draft Agenda:
>> 04-30-2012 (April 30, 2012)))
>>
>>
>>
>> On 05/04/2012 08:59 PM, Osterweil, Eric wrote:
>>
>>> His point is NOT addressed by any draft in the wg (since you
>>> asked).
>>
>> read randy's mentioned draft?
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr