Hey Sandy,

On Jan 17, 2012, at 8:20 PM, Murphy, Sandra wrote:

> About #1:
>
> ROAs are used for origin validation. (*) The bgpsec router needs only the
> prefix-AS binding in the ROA, not the crypto part, and only for the origin
> validation, not the signature attribute validation. The rpki-rtr protocol is
> one way to communicate that binding.

I think I recall from another recent thread that there was some contention over whether a router should just take it on faith that the bindings are legit or if it needs to verify them. Since I don't recall that thread coming to consensus, rather than recreate that here, I'm happy to leave this to the other thread if people think that makes sense.

>
> The bgpsec signature attribute validation does need the public keys that are
> used to validate the signatures. (And the binding to an AS - see previous
> message.) But it is the nature of the public part of a public/private key
> pair that security concerns are lower for communicating that part of the pair
> and exposure is no concern.

I think we may not be speaking to the same point. If a router gets a private key installed on it (presumably one that has been vetted to sign for an AS/prefix binding), then how do we get that key installed securely? If the router gets born with a key, how does an AS manage the lifetime of that key? That is, how do you envision it gets rolled over to a new key, and how does that key get vetted and installed? Again, I may just be missing the relevant part of some draft, but I was not able to find this procedure concisely documented.

>
> --Sandy
>
> (*)(Years ago Geoff corrected me about calling ROAs "certs" and I've
> remembered the lesson. They're just signed objects, not certs.)

Point well taken, thanks. :)

Eric

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
