Yes, there seems to be an issue here: I believe the question is what types of keys can appear as the subject public key in an RPKI certificate.

-- RFC 6485 says "See 6487" (and thus 6487bis when it is published) to find out what is allowed as a subject public key
-- draft-ietf-sidr-bgpsec-pki-profiles updates RFC 6485 and says "For Router Certs (end-entity certificates used by BGPSEC) see draft-ietf-sidr-bgpsec-algs"

Ideally, this shouldn't be a problem. RFC 6487 governs subject public keys for all certificates in the RPKI except BGPSEC router certificates and draft-sidr-bgpsec-algs covers that case.

That being said, we currently have two working group documents that update RFC 6485 and I am not sure that it is sufficiently clear in the text of those documents how the two updates interact.

On Mon, Jul 7, 2014 at 4:28 PM, Geoff Huston <[email protected]> wrote:
> Hi Sean,
>
> What's the relationship between this draft and draft-ietf-sidr-rfc6485bis?
>
> g
>
>
> On 3 Jul 2014, at 1:36 am, Sean Turner <[email protected]> wrote:
>
>> A minor update to move some references that were in the wrong place as well
>> as to correctly identify where the OID goes that indicates the algorithm
>> used in the CRMF (thanks Sandy for pointing these out). Oh and I updated
>> the dates.
>>
>> spt
>>
>> On Jul 02, 2014, at 11:34, [email protected] wrote:
>>
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Secure Inter-Domain Routing Working Group
>>> of the IETF.
>>>
>>> Title    : BGP Algorithms, Key Formats, & Signature Formats
>>> Author   : Sean Turner
>>> Filename : draft-ietf-sidr-bgpsec-algs-07.txt
>>> Pages    : 7
>>> Date     : 2014-07-02
>>>
>>> Abstract:
>>> This document specifies the algorithms, algorithms' parameters,
>>> asymmetric key formats, asymmetric key size and signature format used
>>> in BGPSEC (Border Gateway Protocol Security). This document updates
>>> the Profile for Algorithms and Key Sizes for use in the Resource
>>> Public Key Infrastructure (RFC 6485).
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-sidr-bgpsec-algs/
>>>
>>> There's also a htmlized version available at:
>>> http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs-07
>>>
>>> A diff from the previous version is available at:
>>> http://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-bgpsec-algs-07
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>>
>>> Internet-Drafts are also available by anonymous FTP at:
>>> ftp://ftp.ietf.org/internet-drafts/
>>>
>>> _______________________________________________
>>> sidr mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/sidr
