Randy,

>> I'm suggesting that A delegates a unique signing key to the RS.
>
> the expression we use is, now RS can sign gifs of naked furries in A's
> name. i.e. A has given away the store. you do NOT let anyone else have
> your private keys.
>
> for example. in this context, RS can now give that key to Perp who can
> originate A's prefixes. #fail

I do not follow this reasoning. The certificates for BGPSEC are EE certificates with only A's ASN in their RFC3779 extension. So, you cannot use the same key to sign a ROA with another ASN nor issue any certificate using that same key.

IMHO, a good idea could be to clearly identify BGPSEC EE certs in the RPKI repository by assigning them a distinct Extended Key Usage (EKU). The use of EKU is permitted by the RPKI CP. The EKU should be checked by the RP during the validation process.

Roque

>
>> This is what "6.6 Proxy Signing" in
>> draft-sriram-bgpsec-design-choices suggests, is it not ? Or does that
>> blow the trust model to hell, also ?
>
> it does indeed. that is why 6.6 was rejected.
>
> randy
> _______________________________________________
> sidr mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/sidr

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
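
The relying-party checks discussed in the message above, sketched as an added example that is not part of the original thread or of any RPKI validator's code. Assumptions: the EKU value is a placeholder (the message names no OID), the AS numbers are constructed, certificates are modelled as plain records rather than parsed X.509, and ROA acceptance is modelled as coverage of the ROA prefix by the certificate's IP resources.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Hypothetical label for the distinct BGPSEC EKU; the message names no OID.
EKU_BGPSEC = "EKU-BGPSEC-PLACEHOLDER"

@dataclass(frozen=True)
class Cert:
    is_ca: bool                      # basicConstraints cA flag
    asns: frozenset = frozenset()    # AS numbers in the RFC 3779 extension
    prefixes: tuple = ()             # IP resources in the RFC 3779 extension
    ekus: frozenset = frozenset()    # Extended Key Usage values

def _covers(cert, prefix):
    """True if prefix lies inside one of the certificate's IP resources."""
    want = ip_network(prefix)
    nets = (ip_network(p) for p in cert.prefixes)
    return any(n.version == want.version and want.subnet_of(n) for n in nets)

def rp_accepts(cert, use, asn=None, prefix=None):
    """Relying-party decision for an object signed with cert's key.

    use: "bgpsec" (path signature as `asn`), "roa" (ROA covering `prefix`),
    or "issue" (the key signs a subordinate certificate).
    Returns (accepted, reason).
    """
    tagged = EKU_BGPSEC in cert.ekus
    if use == "issue":
        if not cert.is_ca:
            return False, "EE certificate cannot issue certificates"
        return True, "ok"
    if use == "roa":
        if tagged:
            return False, "BGPSEC EKU present: key not valid for ROAs"
        if not _covers(cert, prefix):
            return False, "ROA prefix outside certificate's IP resources"
        return True, "ok"
    if use == "bgpsec":
        if not tagged:
            return False, "BGPSEC EKU missing"
        if asn not in cert.asns:
            return False, "signing AS not in certificate's AS resources"
        return True, "ok"
    raise ValueError(f"unknown use: {use}")

# Constructed sample: AS 64500 stands in for A, AS 64666 for some other AS.
ROUTER_CERT_A = Cert(is_ca=False, asns=frozenset({64500}),
                     ekus=frozenset({EKU_BGPSEC}))
```

These checks depend only on the certificate's contents; they say nothing about which party holds the private key.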
