Sorry, somehow did NOT reply all.
--Sandy
---------- Forwarded message ----------
Date: Fri, 14 Oct 2011 17:44:07 -0400 (Eastern Daylight Time)
From: Sandra Murphy <[email protected]>
To: Brian Dickson <[email protected]>
Subject: Re: [sidr] about a router AS-related certificate
On Fri, 14 Oct 2011, Brian Dickson wrote:

> Hi, Sandy,
>
> Would it be too much to ask, to get a brief summary email sent to the
> list, of recent last-calls or adoption-calls, and pro/con responses
> levels?

Not sure if you mean on a regular periodic basis or right now for the recent
flurry of wg calls.
The summary of the recent flurry can be constructed well enough. (If you want
a rough immediate idea, the mail archive can display a thread index of the
mail.)
A periodic message is also possible, if people would find that useful. You
indicate that you just recently joined the list, so maybe you don't realize
that this wg is particularly bursty, but obviously there's reasonable
periodicity that could be used.

> This would be to get an idea of whether some might have been missed,
> and which need support to progress?

Some care would be wise. A message from the wg chairs to say "hey, wg, you
haven't demonstrated support for draft X" might be construed as undue
chair influence on the wg consensus.
The periodic summary you suggest is objective enough that it could/might pass
muster.

> And I'd suggest that if there were not-many pros, and none or much
> fewer than normal cons, that asking again to boost the pro responses,
> may be all that is needed.

IMHO, the wg chairs taking steps to boost the pro response would be truly
skating too close to the edge of undue influence. Over the edge, maybe.

> The inter-dependencies of some of these drafts, makes it pretty important.
>
> BTW, I would be more than happy to contribute to the WG in whatever way I
> can.

Great!
--Sandy

> Thanks,
> Brian Dickson
>
> On Fri, Oct 14, 2011 at 10:50 AM, Sandra Murphy
> <[email protected]> wrote:
>> The wg has just demonstrated a lack of support for adoption of a suggested
>> cert profile for routers in draft-turner-sidr-bgpsec-pki-profiles.
>>
>> Unfortunately, a router certificate is already mentioned in existing wg
>> drafts.
>>
>> The bgpsec-overview draft says:
>>
>>    BGPSEC extends the RPKI by adding an additional type of certificate,
>>    referred to as a BGPSEC router certificate, that binds an AS number
>>    to a public signature verification key, the corresponding private key
>>    of which is held by one or more BGP speakers within this AS.
>>
>> The bgpsec-ops draft says:
>>
>>    AS/Router Certificates
>>
>>    A site/operator MAY use a single certificate/key in all their
>>    routers, one certificate/key per router, or any granularity in
>>    between.
>>
>>    A large operator, concerned that a compromise of one router's key
>>    would make many routers vulnerable, MAY accept a more complex
>>    certificate/key distribution burden to reduce this exposure.
>>
>>    On the other extreme, an edge site with one or two routers MAY use a
>>    single certificate/key.
>>
>> Is there an alternative router certificate that the wg would like to adopt?
>>
>> If the wg did not realize that the router certificate was needed to fulfill
>> existing wg drafts, please speak up.
>>
>> At any rate, the wg needs to indicate how to proceed here.
>>
>> --Sandy, speaking as wg chair

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr