Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
On 7/3/12 4:50 PM, Warren Kumari wrote:

On Jun 28, 2012, at 4:49 PM, Murphy, Sandra wrote:

This last call has ended. There were only three comments during the wglc. Two noted that the document was solid, but that it was premature to advance the draft when the protocols spec was still undergoing changes and might produce new required features for the router certificates.

So what is the desire of the working group:

- put the document on hold, refreshing version numbers as necessary to keep it on the secretariat list of current drafts, until we are more certain no further features will be needed
- publish the draft now and amend if new features should pop up

This one please!

For what it's worth I like this one too, but I'm one of the editors.

spt

W

If the latter, more support for publication is needed.

--Sandy, speaking as wg co-chair

From: sidr-boun...@ietf.org [sidr-boun...@ietf.org] on behalf of Christopher Morrow [morrowc.li...@gmail.com]
Sent: Friday, April 13, 2012 4:16 PM
To: sidr@ietf.org; sidr-cha...@ietf.org
Subject: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair

On Fri, Apr 13, 2012 at 3:03 PM, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.

Title : A Profile for BGPSEC Router Certificates, Certificate Revocation Lists, and Certification Requests
Author(s) : Mark Reynolds, Sean Turner, Steve Kent
Filename : draft-ietf-sidr-bgpsec-pki-profiles-03.txt
Pages : 11
Date : 2012-04-13

This document defines a standard profile for X.509 certificates for the purposes of supporting validation of Autonomous System (AS) paths in the Border Gateway Protocol (BGP), as part of an extension to that protocol known as BGPSEC. BGP is a critical component for the proper operation of the Internet as a whole. The BGPSEC protocol is under development as a component to address the requirement to provide security for the BGP protocol. The goal of BGPSEC is to design a protocol for full AS path validation based on the use of strong cryptographic primitives. The end-entity (EE) certificates specified by this profile are issued under Resource Public Key Infrastructure (RPKI) Certification Authority (CA) certificates, containing the AS Identifier Delegation extension, to routers within the Autonomous System (AS). The certificate asserts that the router(s) holding the private key are authorized to send out secure route advertisements on behalf of the specified AS. This document also profiles the Certificate Revocation List (CRL), profiles the format of certification requests, and specifies Relying Party certificate path validation procedures. The document extends the RPKI; therefore, this document updates the RPKI Resource Certificates Profile (RFC 6487).

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-sidr-bgpsec-pki-profiles-03.txt

___
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

--
Working the ICANN process is like being nibbled to death by ducks, it takes forever, it doesn't make sense, and in the end we're still dead in the water.
-- Tom Galvin, VeriSign's vice president for government relations.
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
On Jul 10, 2012, at 12:15 PM, Sean Turner wrote:

On 7/3/12 4:50 PM, Warren Kumari wrote:

On Jun 28, 2012, at 4:49 PM, Murphy, Sandra wrote:

This last call has ended. There were only three comments during the wglc. Two noted that the document was solid, but that it was premature to advance the draft when the protocols spec was still undergoing changes and might produce new required features for the router certificates.

So what is the desire of the working group:

- put the document on hold, refreshing version numbers as necessary to keep it on the secretariat list of current drafts, until we are more certain no further features will be needed
- publish the draft now and amend if new features should pop up

This one please!

For what it's worth I like this one too, but I'm one of the editors.

Fair 'nuff…

spt

W

If the latter, more support for publication is needed.

So, is this sufficient support for publication? If not, how much more is needed? And by when?

W

--Sandy, speaking as wg co-chair

From: sidr-boun...@ietf.org [sidr-boun...@ietf.org] on behalf of Christopher Morrow [morrowc.li...@gmail.com]
Sent: Friday, April 13, 2012 4:16 PM
To: sidr@ietf.org; sidr-cha...@ietf.org
Subject: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair

--
She'd even given herself a middle initial - X - which stood for someone who has a cool and exciting middle name.
-- (Terry Pratchett, Maskerade)
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
At 8:49 PM + 6/28/12, Murphy, Sandra wrote:

This last call has ended. There were only three comments during the wglc. Two noted that the document was solid, but that it was premature to advance the draft when the protocols spec was still undergoing changes and might produce new required features for the router certificates.

So what is the desire of the working group:

- put the document on hold, refreshing version numbers as necessary to keep it on the secretariat list of current drafts, until we are more certain no further features will be needed
- publish the draft now and amend if new features should pop up

If the latter, more support for publication is needed.

--Sandy, speaking as wg co-chair

I'll advocate for a publish it now and fix it later if needed strategy.

Steve
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
I'll advocate for a publish it now and fix it later if needed strategy.

the hidden tao of the ietf aol
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
On Jun 28, 2012, at 4:49 PM, Murphy, Sandra wrote:

This last call has ended. There were only three comments during the wglc. Two noted that the document was solid, but that it was premature to advance the draft when the protocols spec was still undergoing changes and might produce new required features for the router certificates.

So what is the desire of the working group:

- put the document on hold, refreshing version numbers as necessary to keep it on the secretariat list of current drafts, until we are more certain no further features will be needed
- publish the draft now and amend if new features should pop up

This one please!

W

If the latter, more support for publication is needed.

--Sandy, speaking as wg co-chair

From: sidr-boun...@ietf.org [sidr-boun...@ietf.org] on behalf of Christopher Morrow [morrowc.li...@gmail.com]
Sent: Friday, April 13, 2012 4:16 PM
To: sidr@ietf.org; sidr-cha...@ietf.org
Subject: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair

--
Working the ICANN process is like being nibbled to death by ducks, it takes forever, it doesn't make sense, and in the end we're still dead in the water.
-- Tom Galvin, VeriSign's vice president for government relations.
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
This last call has ended. There were only three comments during the wglc. Two noted that the document was solid, but that it was premature to advance the draft when the protocols spec was still undergoing changes and might produce new required features for the router certificates.

So what is the desire of the working group:

- put the document on hold, refreshing version numbers as necessary to keep it on the secretariat list of current drafts, until we are more certain no further features will be needed
- publish the draft now and amend if new features should pop up

If the latter, more support for publication is needed.

--Sandy, speaking as wg co-chair

From: sidr-boun...@ietf.org [sidr-boun...@ietf.org] on behalf of Christopher Morrow [morrowc.li...@gmail.com]
Sent: Friday, April 13, 2012 4:16 PM
To: sidr@ietf.org; sidr-cha...@ietf.org
Subject: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
A question arising from my ignorance.

How do values in the security arc get assigned? Not IANA since there are no IANA considerations, but how then?

On the IANA profiles web page I can see (1.3.6.1.5.5.4) and (1.3.6.1.5.5.8) but no 1.3.6.1.5.5.7, just a reference to Russ.

Tom Petch

- Original Message -
From: Christopher Morrow morrowc.li...@gmail.com
To: sidr@ietf.org; sidr-cha...@ietf.org
Sent: Friday, April 13, 2012 10:16 PM

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
On 05/03/2012 03:57 AM, t.petch wrote:

A question arising from my ignorance.

How do values in the security arc get assigned? Not IANA since there are no IANA considerations, but how then?

good question... the below are asn.1 things, quickly searching around isn't helping me out much either :(

Russ, any idea how this happens in practice? 'lick finger, test wind, guess number' seems like the wrong method...

On the IANA profiles web page I can see (1.3.6.1.5.5.4) and (1.3.6.1.5.5.8) but no 1.3.6.1.5.5.7, just a reference to Russ.

Tom Petch

- Original Message -
From: Christopher Morrow morrowc.li...@gmail.com
To: sidr@ietf.org; sidr-cha...@ietf.org
Sent: Friday, April 13, 2012 10:16 PM

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
I have read the -03 version of bgpsec profiles. I think the current version of the document is solid. But I don't think the protocol spec is quite stable enough to say we aren't going to be making any changes to the bgpsec protocol that will require a change to the profiles document ... but I hope the protocol spec will soon (several months) be that stable.

- Matt Lepinski

On 4/13/2012 5:26 PM, Brian Dickson wrote:

While I think the document may be pretty solid currently, the meta-issue of the tail wagging the dog exists.

I.e. There still exists the potential for additional requirements to surface, related to the design and implementation of the bgpsec protocol, which have the potential to inform additional requirements for the EE certs, and/or other (new) cert types.

So, even if it passes WGLC intact, I'm of the opinion that it should be kept in the hold buffer, until the other work goes through more substantial development and review cycles.

Brian

On Fri, Apr 13, 2012 at 4:16 PM, Christopher Morrow morrowc.li...@gmail.com wrote:

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair
Re: [sidr] WGLC: draft-ietf-sidr-bgpsec-pki-profiles
While I think the document may be pretty solid currently, the meta-issue of the tail wagging the dog exists.

I.e. There still exists the potential for additional requirements to surface, related to the design and implementation of the bgpsec protocol, which have the potential to inform additional requirements for the EE certs, and/or other (new) cert types.

So, even if it passes WGLC intact, I'm of the opinion that it should be kept in the hold buffer, until the other work goes through more substantial development and review cycles.

Brian

On Fri, Apr 13, 2012 at 4:16 PM, Christopher Morrow morrowc.li...@gmail.com wrote:

Helo WG peoples,

The following update posted today. Sean and Tom have come to agreement on their differences, I believe this closes the last open items on this document.

Let's start a WGLC for this, ending: 4/27/2012 or 27/4/2012

Thanks!

-Chris
co-chair