SIDR WG
Monday Dec 4, 2007 3:20 PM
Minutes: Paul Hoffman
Note: contents of slides not duplicated here

Architecture and ROA format documents - Matt Lepinski

CP and CPS drafts
  Not updated since Chicago because little feedback
  Wants more review, particularly from registries

Architecture draft had minor changes
  Added discussion of private address space
    IANA writes a cert and throws away the private key
    Geoff Huston asked why this would be done at all
    Steve Kent said that this is for transition; it gives software an authorized cert
  Sandy asked whether this is both v4 and v6
    Clarified IPv4 and IPv6 address families
  Will get rid of most of the manifest text, put it in a separate document

ROA format draft
  Open issue on aggregating CA certificates for adjacent addresses:
    a) Maybe not address this
    b) Allow multiple signatures on a ROA
    c) Change the algorithm for matching ROAs to route advertisements
  Geoff thinks (a) is unwise, (c) is complicated, (b) works well
  Paul Hoffman asked if (b) would really be possible with different signers
    Steve Kent said they will be the same person
  Rob Austein thinks (a) is better and worries about (b)
    Wants specific text for (b)
    Matt and Geoff will get such text to the mailing list
  Geoff thinks the semantics will be clear and will prevent a jigsaw puzzle algorithm
  Tim Christensen agrees with Geoff's thinking if there is a trading world
    Will trading happen enough to matter? What about tradeoff costs?
  Sandy Murphy says (c) may get complicated
    We are guessing about aggregation futures in (b)
    If we're wrong, we can't go back
  Tim Christensen proposed that an RIR would aggregate the certs when they aggregated the space

Certificate Profile - Geoff Huston
  Added manifests into the SIA field
  Retained RSYNC as a MUST
  Dropped subjectAltName
  Ready for WGLC soon
  Musing about validation
    Worried that nested assertions need to be validated
    Currently resolution requires full validation
    Superior certificates can add assertions, such as adding ASs to an address-bearing cert
    Rob Austein doesn't see the benefit of allowing adding authorizations above
    Steve says that there is a fundamental tradeoff in allowing adding vs. restricting
    George Michaelson said relaxation will help the edge element
    Robert Kisteleki said that top-down validation and bottom-up validation should come to the same conclusion
    Rob doesn't think that the nested assertions can all be extended
    Geoff thinks that most agree that this is indeed a very bad idea

Manifests - Steve Kent
  Now in their own document
  Default to continuity of operations over strict security
  Geoff points out that we are assuming the manifest is good and the files (or lack of them) are bad
    This causes some different thinking for operations for on-demand updating of the "directory"
  Steve says this is not a new problem; it is the same as for CRLs
  Robert Kisteleki asks if manifests should be in PKIX, not here
    Steve says that this is a different environment; for example, if a CRL is missing
  Rob says that you will also need some sort of summary display because there could easily be >40K files

Resource Certificate Provisioning - Geoff Huston
  SIDR becomes an application of PKIX
  Standards from the Security Area are not enough for the RIRs
  Want to automate the cert issuance procedure so that the issuer and subject match the actual resources
  Can get a list of your current state, ask for a cert to be issued, or have a key revoked
  Have clean key rollover
  Draft has not been submitted yet
  There are a few implementations so far
  Steve Kent says we don't revoke keys, we revoke certs
    Geoff says this is to avoid CRL bloat
    Also, the subject doesn't need to keep track of the serial number

Action Items:
- Matt Lepinski to draft text on clarifications to the ROA draft to include consideration of ROAs with multiple signers
- WG chairs to poll the working group to adopt the manifest draft as a WG item
- WG chairs to poll the working group to adopt the rescert provisioning protocol as a WG document
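Added illustration (not part of the minutes, and not code from any SIDR draft or implementation) of the ROA-aggregation choices discussed under the ROA format draft above. The Python below contrasts the single-ROA matching that RFC 6483 later standardised (a route is "covered" when its prefix lies within a ROA prefix, "matched" when it is also no longer than maxLength and originated by the ROA's AS) with one hypothetical reading of option (c): accept an aggregate route when several of the origin's ROAs tile it completely. The ROA and route values, the ROA dataclass, and the "jigsaw" union rule are all constructed for this example; the union rule is not a standardised algorithm.

```python
"""Added illustration of the ROA-aggregation choices discussed under the ROA
format draft in these minutes (example code written for the minutes, not from
any SIDR draft or implementation).  validate_route() applies the single-ROA
matching that RFC 6483 later standardised; validate_route_union() is one
hypothetical reading of option (c), accepting a route when several of the
origin's ROAs tile it.  All ROA and route values below are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # address prefix the holder signed for, e.g. "10.0.0.0/24"
    max_length: int   # longest more-specific prefix the holder authorises
    origin_as: int    # AS allowed to originate routes within the prefix


def _net(text):
    return ipaddress.ip_network(text, strict=False)


def roa_covers(roa, route):
    """The route prefix lies within (or equals) the ROA prefix."""
    rn, p = _net(roa.prefix), _net(route)
    return rn.version == p.version and p.subnet_of(rn)


def roa_matches(roa, route, origin_as):
    """Covered, not longer than maxLength, and originated by the ROA's AS."""
    return (roa_covers(roa, route)
            and _net(route).prefixlen <= roa.max_length
            and roa.origin_as == origin_as)


def validate_route(route, origin_as, roas):
    """Single-ROA matching: valid / invalid / unknown (RFC 6483 semantics)."""
    if any(roa_matches(r, route, origin_as) for r in roas):
        return "valid"
    if any(roa_covers(r, route) for r in roas):
        return "invalid"      # covered, but no ROA authorises this origin/length
    return "unknown"          # no ROA says anything about this prefix


def validate_route_union(route, origin_as, roas):
    """Hypothetical 'jigsaw' matching for option (c): a route is also valid
    when ROAs for the same origin AS tile the entire route prefix, e.g. two
    /24 ROAs authorising an aggregate /23 route.  Partial tiling is not enough."""
    p = _net(route)
    pieces, overlapping = [], False
    for r in roas:
        rn = _net(r.prefix)
        if rn.version != p.version or not rn.overlaps(p):
            continue
        overlapping = True
        if r.origin_as != origin_as:
            continue
        if p.subnet_of(rn):
            if p.prefixlen <= r.max_length:
                return "valid"        # ordinary single-ROA coverage
        elif rn.subnet_of(p):
            pieces.append(rn)         # a more-specific block this origin holds
    # collapse_addresses merges adjacent blocks; the tiling is complete only if
    # the merge yields exactly the route prefix.
    if pieces and list(ipaddress.collapse_addresses(pieces)) == [p]:
        return "valid"
    return "invalid" if overlapping else "unknown"


# Constructed ROAs: two adjacent /24s held under separate certificates, plus an
# unrelated prefix whose maxLength permits one level of more-specifics.
SAMPLE_ROAS = (
    ROA("10.0.0.0/24", 24, 65000),
    ROA("10.0.1.0/24", 24, 65000),
    ROA("192.0.2.0/24", 25, 65001),
)

if __name__ == "__main__":
    for route, asn in (("10.0.0.0/23", 65000), ("10.0.0.0/22", 65000),
                       ("192.0.2.0/26", 65001)):
        print(route, asn, validate_route(route, asn, SAMPLE_ROAS),
              validate_route_union(route, asn, SAMPLE_ROAS))
```

The aggregate 10.0.0.0/23 route is "unknown" under single-ROA matching (no one ROA covers it, which is the gap options (b) and (c) were meant to close) but "valid" under the union rule; a 10.0.0.0/22 route stays "invalid" under both, because the two /24 ROAs only tile half of it. Keeping the tiling check explicit shows why the minutes call option (c) a jigsaw puzzle: every relying party would have to assemble neighbouring ROAs rather than look for one covering object.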