Draft-huston-sidr-rfc6490-bis Geoff Huston Slide 1/6.

Presentation transcript:

draft-huston-sidr-rfc6490-bis Geoff Huston Slide 1/6

draft-huston-sidr-rfc6490-bis Geoff Huston ietf Slide 2/6

RFC6490

This document defines a Trust Anchor Locator (TAL) for the Resource Certificate Public Key Infrastructure (RPKI) [RFC6480]. This format may be used to distribute trust anchor material using a mix of out-of-band and online means. Procedures used by Relying Parties (RPs) to verify RPKI signed objects SHOULD support this format to facilitate interoperability between creators of trust anchor material and RPs.

Summary: A TAL is a simple text object which is composed of
– a URI (where self-signed CA can be found)
– a hash of a public key

Intent: To allow a CA to vary the Internet Number Resources in the self-signed CA cert without having to promulgate a new certificate across all Relying Parties

Slide 3/6

draft-ietf-sidr-multiple-publication-points

“This document addresses this problem [of scalability and diversity] by enabling multiple operators for trust anchor material … by allowing one or more URI for each public key in a TAL file”

Section 3 of the draft describes proposed changes to RFC6490 that would permit the use of multiple URIs in a TAL

Note from SIDR WG Chair 6 December: Proposes “a "6490-bis" document that obsoletes RFC 6490 with the addition of multiple operators in section 3 of the current document.”

Slide 4/6

draft-huston-sidr-rfc6490-bis-01.txt

Applies section 3 of draft-ietf-sidr-multiple-publication-points to RFC 6490
– Adds the ability to place multiple URIs in the TAL
– Adds guidelines for Relying Parties

ietf Slide 5/6

Issues

Discussion issues raised on the SIDR list so far:
– Syntax of a TAL
  blank line separator between URI(s) and Key?
  Use “key=val” format?
  Use JSON?
  Specify a maximum number of URIs?
– Different certs retrieved from different URIs?
  Incrementing CA serial numbers?
  Time limit for CA propagation / removal?
  Develop a TA change protocol?
  Publish a TAL lifetime object?
  What does “Stable URI” mean?

Slide 6/6
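
An added example, not part of the slides or of the draft: Python showing how a Relying Party could parse a TAL that carries several URIs and handle the "different certs from different URIs" question by using only a certificate whose public key matches the TAL. It assumes the blank-line separator raised on slide 6, and rsync URIs with a Base64 DER subjectPublicKeyInfo key section as in the published RFC 6490; the URI cap, function names, host names and key bytes are constructed for illustration.

```python
import base64
import binascii

MAX_URIS = 8  # assumed local cap; the slides only ask whether one should exist

def parse_tal(text, max_uris=MAX_URIS):
    """Split a TAL into (uris, key_bytes): URI lines, blank line, Base64 key."""
    lines = [ln.strip() for ln in text.replace("\r\n", "\n").split("\n")]
    if "" not in lines:
        raise ValueError("no blank line between URI section and key")
    split = lines.index("")
    uris = lines[:split]
    key_b64 = "".join(lines[split + 1:])  # key may be wrapped over several lines
    if not uris:
        raise ValueError("TAL has no URI")
    if len(uris) > max_uris:
        raise ValueError(f"TAL lists {len(uris)} URIs, local cap is {max_uris}")
    for uri in uris:
        if not uri.startswith("rsync://"):
            raise ValueError(f"not an rsync URI: {uri!r}")
    try:
        key = base64.b64decode(key_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key section is not valid Base64") from exc
    if not key:
        raise ValueError("TAL has no key")
    return uris, key

def check_fetched_keys(tal_key, fetched):
    """fetched maps URI -> subjectPublicKeyInfo bytes taken from the certificate
    retrieved there (None when retrieval failed). Returns (usable, mismatched)."""
    usable, mismatched = [], []
    for uri, spki in fetched.items():
        if spki is None:
            continue  # unreachable publication point: try the next URI
        (usable if spki == tal_key else mismatched).append(uri)
    return usable, mismatched

# Constructed sample: placeholder key bytes and example host names.
SAMPLE_SPKI = bytes(range(48))
B64 = base64.b64encode(SAMPLE_SPKI).decode()
SAMPLE_TAL = (
    "rsync://rpki.example.net/ta/root.cer\n"
    "rsync://mirror.example.org/ta/root.cer\n"
    "\n" + B64[:40] + "\n" + B64[40:] + "\n"
)

if __name__ == "__main__":
    uris, key = parse_tal(SAMPLE_TAL)
    print(check_fetched_keys(key, {uris[0]: SAMPLE_SPKI, uris[1]: b"other key"}))
```

A URI that ends up in the mismatched list is serving a certificate for a different key than the TAL names, which is worth alerting on rather than silently skipping.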