SIDR BOF
WEDNESDAY, March 22 2006
1510-1610

BOF Chair - Geoff Huston

AGENDA

1. Agenda Bashing, Scribe Victimization
2. BOF Status Review    Chair
3. Briefing on a PKI proposal for IP resource certification    Steve Kent
4. Update on APNIC resource certification trial    Geoff Huston
5. Discussion

NOTES (Mark Andrews, Tony Tauber)

2. BOF Status Review

2nd BOF. IETF 64 featured extended charter discussion. The proposed SIDR Charter was submitted to the ADs in November 2005. Ross Callon (incoming AD) reported that the AD consideration of the proposed charter was close to completion and would be scheduled for IESG consideration in the near future. The advice to SIDR was to assume chartering and commence the work plan.

This meeting has BOF-style presentations to describe motivation rather than specific work items.

3. Briefing on a PKI proposal for IP resource certification
Steve Kent

[presentation]

Jeff Schiller: How does the ROA structure operate when attempting to shift upstream providers?
A: Request a time-limited ROA from old provider to allow the new provider to originate the old address during a transition.

What happens when old provider doesn't co-operate?
A: That is a business problem.

Pekka Savola: How are the early allocations dealt with?
A: Handled by IANA? Need to be accommodated in some fashion, but this is not a direct question for SIDR.

Eric Rescorla: Who will be the root? Could this have multiple roots?
A: There may be a set of trust anchors, or a single trust anchor. This is a certificate validation question and the trust anchors are a matter for the relying parties to determine.

4. Update on APNIC resource certification trial
Geoff Huston

[presentation]

ftp://ftp.apnic.net/pub/test-certs/

Pekka Savola: How is the public key handled?
A: This is a trial of technology only. There are no real client private keys, and the public / private key pairs are generated by the trial engine. Both keys are in the repository. This is not standard repository practice.

Sandy Murphy: Software for handling certificates?
A: George Michaelson: CPAN based, available rsn

Sandy Murphy: What about the repository?
A: Stephen Kent: The query from relying parties is not quite a case of "give me everything" and more likely one of "give me what has changed". Start simple.
A: George Michaelson: APNIC Trial repository is ~9 MB. Largest Cert is 8k

Steve Casner: Information update delay. Will it be multiple days?
A: Geoff Huston: CPS needs to be written. Within an RIR it is a business decision.