On Tue, Mar 11, 2014 at 10:34 AM, Stephen Kent <[email protected]> wrote: > Chris, > > >> It was pointed out in passing (hallway/table conversation) that in: >> draft-ietf-sidr-bgpsec-algs-05 (at least 05) >> >> there's this text in section 2: >> >> "NOTE: The exception to the above hashing algorithm is the use of >> >> SHA-1 [SHS] when CAs generate authority and subject key >> identifiers [ID.bgpsec-pki-profiles]." >> >> The reference to bgpsec-pki-profiles, is PROBABLY really: >> draft-sidr-bgpsec-pki-profiles >> <http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol> > > not sure why the angle bracket reference to the bgpsec protocol appears > above,
angle brackets because of old-skool email-client/URL interpolation habits :( wrong reference because ... #fail. The right one: <http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-pki-profiles> apologies for the confusion. > after the intended reference. But, as you note below, > draft-sidr-bgpsec-pki-profiles > does not refer to SKI's.It says that it inherits all of the RPKI cert > profile > (RFC 6487) except as noted in Section 3 of the I-D. RFC 6487 mandates > inclusion > of the SKI and AKI extensions, and specifies use of SHA-1 to compute SKI and > AKI values. > So, the text above should be changed to refer RFC 6487. (There is no need to > go back to > 5280, since 6487 cites it and narrows the SKI/AKI generation options from > that RFC.) awesome! the OP was correct in pointing out the missing linkages, sweet :) > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
