Yes, let me try re-sending my original message -- this time with
correct RFC numbers:

I believe the question is what types of keys can appear as the subject
public key in an RPKI certificate.

--  RFC 6487 says "See 6485" (and thus 6485bis when it is published)
to find out what is allowed as a subject public key

-- draft-ietf-sidr-bgpsec-pki-profiles updates RFC 6487 and says "For
Router Certs (end-entity certificates used by BGPSEC) see
draft-ietf-sidr-bgpsec-algs"

Ideally, this shouldn't be a problem. RFC 6487 governs subject public
keys for all certificates in the RPKI except BGPSEC router
certificates and draft-sidr-bgpsec-algs covers that case.

That being said, we currently have two working group documents that
update existing documents and I am not sure that the text of those
documents (taken together) is sufficiently clear on what can and
cannot appear as a subject public key in an RPKI certificate.

In particular, 6485bis seems to say "only RSA with SHA256" and I think
what sidr-bgpsec-pki-profiles wants to say (but I don't know if it is
sufficiently clear) is that 6485bis applies to all RPKI certificates
except end-entity router certificates and that those certificates should
look at bgpsec-algs to figure out what an acceptable subject public
key is.

On Mon, Jul 7, 2014 at 6:29 PM, Geoff Huston <g...@apnic.net> wrote:
> yes confusion all round
>
>
>> --  RFC 6485 says "See 6487" (and thus 6487bis when it is published)
>> to find out what is allowed as a subject public key
>
>
> RFC 6487 says "See RFC6485" and (thus 6485bis when it is published) to find 
> out what is allowed as a subject public key
>
> i.e. I think I understand what you are saying here, but you seem to have 6485 
> and 6487 swapped - right?
>
>
> g
>
>
>
>
>
> On 8 Jul 2014, at 7:04 am, Matthew Lepinski <mlepinski.i...@gmail.com> wrote:
>
>> Yes, there seems to be an issue here:
>>
>> I believe the question is what types of keys can appear as the subject
>> public key in an RPKI certificate.
>>
>> --  RFC 6485 says "See 6487" (and thus 6487bis when it is published)
>> to find out what is allowed as a subject public key
>>
>> -- draft-ietf-sidr-bgpsec-pki-profiles updates RFC 6485 and says "For
>> Router Certs (end-entity certificates used by BGPSEC) see
>> draft-ietf-sidr-bgpsec-algs"
>>
>> Ideally, this shouldn't be a problem. RFC 6487 governs subject public
>> keys for all certificates in the RPKI except BGPSEC router
>> certificates and draft-sidr-bgpsec-algs covers that case.
>>
>> That being said, we currently have two working group documents that
>> update RFC 6485 and I am not sure that it is sufficiently clear in the
>> text of those documents how the two updates interact.
>>
>> On Mon, Jul 7, 2014 at 4:28 PM, Geoff Huston <g...@apnic.net> wrote:
>>> Hi Sean,
>>>
>>> What's the relationship between this draft and draft-ietf-sidr-rfc6485bis?
>>>
>>> g
>>>
>>>
>>> On 3 Jul 2014, at 1:36 am, Sean Turner <turn...@ieca.com> wrote:
>>>
>>>> A minor update to move some references that were in the wrong place as 
>>>> well as to correctly identify where the OID goes that indicates the 
>>>> algorithm used in the CRMF (thanks Sandy for pointing these out).  Oh and 
>>>> I updated the dates.
>>>>
>>>> spt
>>>>
>>>> On Jul 02, 2014, at 11:34, internet-dra...@ietf.org wrote:
>>>>
>>>>>
>>>>> A New Internet-Draft is available from the on-line Internet-Drafts 
>>>>> directories.
>>>>> This draft is a work item of the Secure Inter-Domain Routing Working 
>>>>> Group of the IETF.
>>>>>
>>>>>     Title           : BGP Algorithms, Key Formats, & Signature Formats
>>>>>     Author          : Sean Turner
>>>>>     Filename        : draft-ietf-sidr-bgpsec-algs-07.txt
>>>>>     Pages           : 7
>>>>>     Date            : 2014-07-02
>>>>>
>>>>> Abstract:
>>>>> This document specifies the algorithms, algorithms' parameters,
>>>>> asymmetric key formats, asymmetric key size and signature format used
>>>>> in BGPSEC (Border Gateway Protocol Security).  This document updates
>>>>> the Profile for Algorithms and Key Sizes for use in the Resource
>>>>> Public Key Infrastructure (RFC 6485).
>>>>>
>>>>>
>>>>> The IETF datatracker status page for this draft is:
>>>>> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-algs/
>>>>>
>>>>> There's also a htmlized version available at:
>>>>> http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs-07
>>>>>
>>>>> A diff from the previous version is available at:
>>>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-algs-07
>>>>>
>>>>>
>>>>> Please note that it may take a couple of minutes from the time of 
>>>>> submission
>>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>>
>>>>> Internet-Drafts are also available by anonymous FTP at:
>>>>> ftp://ftp.ietf.org/internet-drafts/
>>>>>
>>>>> _______________________________________________
>>>>> sidr mailing list
>>>>> sidr@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/sidr
>>>>
>
