Chris,
It was pointed out in passing (hallway/table conversation) that in:
draft-ietf-sidr-bgpsec-algs-05 (at least 05)
there's this text in section 2:
"NOTE: The exception to the above hashing algorithm is the use of
SHA-1 [SHS] when CAs generate authority and subject key
identifiers [ID.bgpsec-pki-profiles]."
The reference to bgpsec-pki-profiles is PROBABLY really:
draft-sidr-bgpsec-pki-profiles
<http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol>
Not sure why the angle bracket reference to the bgpsec protocol appears above, after the intended reference. But, as you note below, draft-sidr-bgpsec-pki-profiles does not refer to SKIs. It says that it inherits all of the RPKI cert profile (RFC 6487) except as noted in Section 3 of the I-D. RFC 6487 mandates inclusion of the SKI and AKI extensions, and specifies use of SHA-1 to compute SKI and AKI values.
So, the text above should be changed to refer to RFC 6487. (There is no need to go back to 5280, since 6487 cites it and narrows the SKI/AKI generation options from that RFC.)
Steve