A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing of the IETF.
Title : Adverse Actions by a Certification Authority (CA) or
Repository Manager in the Resource Public Key Infrastructure (R
> On Jan 12, 2017, at 17:33, Randy Bush wrote:
>
> mornin' oliver,
>
>> This most likely would set a bad example for others that might start
>> issuing certificates with “infinite” life spans.
>
> 'zactly
>
>> In this regards what about a Validity of 365 days within the
>> example. This seems
>>Note that BGPsec update messages can be quite large, therefore any
>>BGPsec speaker announcing the capability to receive BGPsec messages
>>SHOULD also announce support for the capability to receive BGP
>>extended messages [I-D.ietf-idr-bgp-extended-messages].
>>
>> isn't a MUST,
Hi Spencer,
Please see my comments inline below marked with [Sriram].
I have made changes in the document in response to your comments.
You’ll see them in version-22 (to be uploaded in the next few days).
>Perhaps I'm just having a good day, but this is
>one of the clearest BGP-related specifi
mornin' oliver,
> This most likely would set a bad example for others that might start
> issuing certificates with “infinite” life spans.
'zactly
> In this regards what about a Validity of 365 days within the
> example. This seems feasible to me.
>> of course that leaves open what lifetime to r
I went ahead and updated the life span of the certificates in the example.
attached please find the updated version with a certificate validity of 365 days
Oliver
On 1/12/17, 10:08 AM, "sidr on behalf of Borchert, Oliver (Fed)"
wrote:
Hi Randy,
The intention from my side to have
Hi Randy,
The intention from my side to have the “200+ years” was based on my private
dislike to see an example one could actually use in X years where X > now() and
the certificate would be expired.
Said that, this is my personal preference but I get your point. This most
likely would set a b
> Validity
> Not Before: Jan 10 19:55:44 2017 GMT
> Not After : Oct 25 19:55:44 2290 GMT
ok, i blew it and gave no guidance in bgpsec-ops. i guess this doc
would be as good a place as any.
of course that leaves open what lifetime to recommend. we're not gonna
do
