On Sat, Mar 24, 2012 at 10:05 AM, Christopher Morrow <[email protected]> wrote: > On Sat, Mar 24, 2012 at 10:02 AM, Matt Lepinski <[email protected]> wrote: >> Chris, >> >> No, I believe Wes is talking about: >> http://tools.ietf.org/html/draft-rogaglia-sidr-bgpsec-rollover-00 > > oh :) burried further down the list :( Sorry, that seems to make a > clearer link to why combination would be good.
oh, except that the -rollover doc says: "The BGPSEC key roll-over process should be very tighten to the key provisioning mechanisms that would be in place. The key provisioning mechanisms for BGPSEC are not yet documented. We will assume that such an automatic provisioning mechanism will be in place (a possible provisioning mechanism when the private key lives only inside the BGP speaker is the Enrollment over Secure Transport (EST). This protocol will allow BGPSEC code to include automatic re-keying scripts with minimum development cost." in the second sentence it's asking for this doc... (the first sentence seems to have some missing words though) > thanks! > -chris > >> - Matt Lepinski >> >> >> On 3/24/2012 9:42 AM, Christopher Morrow wrote: >>> >>> On Sat, Mar 24, 2012 at 9:33 AM, George, Wes<[email protected]> >>> wrote: >>>> >>>> Yes, support. Anything that teaches router jockeys how to wrangle keys >>>> and not compromise the security of the system in the process is a good >>>> thing >>>> IMO. >>>> >>>> Though I'm wondering if perhaps this doc and bgpsec-rollover should be >>>> integrated >>> >>> interesting... so you mean: >>> <http://tools.ietf.org/html/rfc6489.txt> >>> >>> or something else? I think a doc just talking about 'network equipment >>> handling of certs' is good, mingling in with 'if I want to roll the >>> key on my CA, I do ...' seems like hiding the sausage in the wrong >>> place. (or maybe not the wrong place, but not the right one >>> either....) Sure, the 2 items are potentially linked, but... the CA >>> bits cover a lot more ground, so I would say more chance for confusion >>> and mistakes due to complexity. >>> >>> -chris >>> >>>>> -----Original Message----- >>>>> From: [email protected] [mailto:[email protected]] On Behalf Of >>>>> Christopher Morrow >>>>> Sent: Saturday, March 24, 2012 6:19 AM >>>>> To: Sean Turner >>>>> Cc: Murphy, Sandra; [email protected] >>>>> Subject: Re: [sidr] wg adoption call for >>>>> draft-ymbk-bgpsec-rtr-rekeying-00.txt >>>>> >>>>> <crickets> >>>>> Hey folk, >>>>> Is this draft stating something obvious and doesn't need to be >>>>> documented? or are we in need of this doc to keep us all on the same >>>>> page (us == ops + vendors) as to getting a cert created and installed >>>>> on our lovely devices? >>>>> >>>>> If people could take a few minutes to read the 4 pages (minus >>>>> boilerplate) and think/comment that would be nice. >>>>> >>>>> (for the record, it seems like documenting this is a good thing, from >>>>> my perspective.) >>>>> >>>>> -chris >>>>> >>>>> On Mon, Mar 12, 2012 at 4:13 PM, Sean Turner<[email protected]> wrote: >>>>>> >>>>>> Well I'd like to see it adopted and I promise to work on it ;) >>>>>> >>>>>> spt >>>>>> >>>>>> >>>>>> On 3/7/12 6:07 PM, Murphy, Sandra wrote: >>>>>>> >>>>>>> An alert eye pointed out that the URL below is incorrect. The correct >>>>>>> pointer is >>>>>>> >>>>>>> http://tools.ietf.org/html/draft-ymbk-bgpsec-rtr-rekeying-00 >>>>>>> >>>>>>> --Sandy, speaking as clumsy wg co-chair >>>>>>> >>>>>>> ________________________________________ >>>>>>> From: [email protected] [[email protected]] on behalf of >>>>>>> Murphy, >>>>>>> Sandra [[email protected]] >>>>>>> Sent: Wednesday, March 07, 2012 5:40 PM >>>>>>> To: [email protected] >>>>>>> Subject: [sidr] wg adoption call for >>>>>>> draft-ymbk-bgpsec-rtr-rekeying-00.txt >>>>>>> >>>>>>> The following request has been made for wg adoption of >>>>>>> draft-ymbk-bgpsec-rtr-rekeying-00.txt. >>>>>>> >>>>>>> The draft is available at >>>>>>> http://tools.ietf.org/html/draft-ymbk-rpki-rtr-impl-01. >>>>>>> >>>>>>> Please respond to the list to say whether you accept this draft as a >>>>>>> working group draft and are willing to work on it. Remember that you >>>>>>> do not >>>>>>> need to accept all content in a draft to adopt, as draft editors are >>>>>>> required to reflect the consensus of the working group. >>>>>>> >>>>>>> This call will end 21 Mar 2012. >>>>>>> >>>>>>> --Sandy, speaking as wg co-chair >>>>>>> >>>>>>> >>>>>>> ________________________________________ >>>>>>> From: [email protected] [[email protected]] on behalf of Randy >>>>>>> Bush [[email protected]] >>>>>>> Sent: Monday, March 05, 2012 8:54 PM >>>>>>> To: sidr wg list >>>>>>> Subject: [sidr] draft-ymbk-bgpsec-rtr-rekeying-00.txt >>>>>>> >>>>>>> chairs, please consider as a wg work item. thanks. >>>>>>> >>>>>>> randy >>>>>>> >>>>>>> --- >>>>>>> >>>>>>> From: [email protected] >>>>>>> Subject: New Version Notification for >>>>>>> draft-ymbk-bgpsec-rtr-rekeying-00.txt >>>>>>> >>>>>>> A new version of I-D, draft-ymbk-bgpsec-rtr-rekeying-00.txt has been >>>>>>> succes= >>>>>>> sfully submitted by Sean Turner and posted to the IETF repository. >>>>>>> >>>>>>> Filename: draft-ymbk-bgpsec-rtr-rekeying >>>>>>> Revision: 00 >>>>>>> Title: Router Keying for BGPsec >>>>>>> Creation date: 2012-03-05 >>>>>>> WG ID: Individual Submission >>>>>>> Number of pages: 7 >>>>>>> >>>>>>> Abstract: >>>>>>> BGPsec-speaking routers must be provisioned with private keys and >>>>>>> the >>>>>>> corresponding public key must be published in the global Resource >>>>>>> PKI. This document describes two ways of doing so, router-driven >>>>>>> and >>>>>>> operator-driven. >>>>>>> _______________________________________________ >>>>>>> sidr mailing list >>>>>>> [email protected] >>>>>>> https://www.ietf.org/mailman/listinfo/sidr >>>>>>> _______________________________________________ >>>>>>> sidr mailing list >>>>>>> [email protected] >>>>>>> https://www.ietf.org/mailman/listinfo/sidr >>>>>>> _______________________________________________ >>>>>>> sidr mailing list >>>>>>> [email protected] >>>>>>> https://www.ietf.org/mailman/listinfo/sidr >>>>>>> >>>>>> _______________________________________________ >>>>>> sidr mailing list >>>>>> [email protected] >>>>>> https://www.ietf.org/mailman/listinfo/sidr >>>>> >>>>> _______________________________________________ >>>>> sidr mailing list >>>>> [email protected] >>>>> https://www.ietf.org/mailman/listinfo/sidr >>>> >>>> This E-mail and any of its attachments may contain Time Warner Cable >>>> proprietary information, which is privileged, confidential, or subject to >>>> copyright belonging to Time Warner Cable. This E-mail is intended solely >>>> for >>>> the use of the individual or entity to which it is addressed. If you are >>>> not >>>> the intended recipient of this E-mail, you are hereby notified that any >>>> dissemination, distribution, copying, or action taken in relation to the >>>> contents of and attachments to this E-mail is strictly prohibited and may >>>> be >>>> unlawful. If you have received this E-mail in error, please notify the >>>> sender immediately and permanently delete the original and any copy of this >>>> E-mail and any printout. >>> >>> _______________________________________________ >>> sidr mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/sidr >> >> >> _______________________________________________ >> sidr mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
