| draft-ietf-sidr-bgpsec-algs-13.txt | draft-ietf-sidr-bgpsec-algs-14.txt |
|---|---|
| Secure Inter-Domain Routing Working Group S. Turner | Secure Inter-Domain Routing Working Group S. Turner |
| Internet-Draft IECA, Inc. | Internet-Draft IECA, Inc. |
| Updates: 6485bis (if approved) November 4, 2015 | Updates: 6485bis (if approved) November 10, 2015 |
| Intended status: Standards Track | Intended status: Standards Track |
| Expires: May 7, 2016 | Expires: May 13, 2016 |
| BGPsec Algorithms, Key Formats, & Signature Formats | BGPsec Algorithms, Key Formats, & Signature Formats |
| draft-ietf-sidr-bgpsec-algs-13 | draft-ietf-sidr-bgpsec-algs-14 |
| Abstract | Abstract |
| This document specifies the algorithms, algorithm parameters, | This document specifies the algorithms, algorithm parameters, |
| asymmetric key formats, asymmetric key size and signature format used | asymmetric key formats, asymmetric key size and signature format used |
| in BGPsec (Border Gateway Protocol Security). This document updates | in BGPsec (Border Gateway Protocol Security). This document updates |
| the Profile for Algorithms and Key Sizes for use in the Resource | the Profile for Algorithms and Key Sizes for use in the Resource |
| Public Key Infrastructure (ID.sidr-rfc6485bis). | Public Key Infrastructure (ID.sidr-rfc6485bis). |
| Status of this Memo | Status of this Memo |
| skipping to change at page 3, line 23 | skipping to change at page 3, line 23 |
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and |
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in |
| [RFC2119]. | [RFC2119]. |
| 2. Algorithms | 2. Algorithms |
| The algorithms used to compute signatures on CA certificates, BGPsec | The algorithms used to compute signatures on CA certificates, BGPsec |
| Router Certificates, and CRLs are as specified in Section 2 of | Router Certificates, and CRLs are as specified in Section 2 of |
| [ID.sidr-rfc6485bis]. The remainder of this section addresses | [ID.sidr-rfc6485bis]. The remainder of this section addresses |
| algorithms used when BGPsec routers request certificates, RPKI CAs | algorithms used when BGPsec routers request certificates, RPKI CAs |
| verify BGPsec certification request, BGPsec routers generate BGPsec | verify BGPsec certification requests, BGPsec routers generate BGPsec |
| Update messages, and when BGPsec routers verify BGPsec Update | Update messages, and when BGPsec routers verify BGPsec Update |
| messages: | messages: |
| o The signature algorithm used MUST be the Elliptic Curve Digital | o The signature algorithm used MUST be the Elliptic Curve Digital |
| Signature Algorithm (ECDSA) with curve P-256 [RFC6090][FIPS186]. | Signature Algorithm (ECDSA) with curve P-256 [RFC6090][FIPS186]. |
| o The hash algorithm used MUST be SHA-256 [SHS]. | o The hash algorithm used MUST be SHA-256 [SHS]. |
| Hash algorithms are not identified by themselves in certificates or | Hash algorithms are not identified by themselves in certificates or |
| BGPsec Update messages. They are represented by an OID that combines | BGPsec Update messages. They are represented by an OID that combines |
| skipping to change at page 6, line 10 | skipping to change at page 6, line 10 |
| process defined in [RFC5226], or the Early IANA Allocation process | process defined in [RFC5226], or the Early IANA Allocation process |
| defined in [RFC7120]. Assignments consist of a digest algorithm | defined in [RFC7120]. Assignments consist of a digest algorithm |
| name, signature algorithm name, and the algorithm suite identifier | name, signature algorithm name, and the algorithm suite identifier |
| value. | value. |
| 8. Acknowledgements | 8. Acknowledgements |
| The author wishes to thank Geoff Huston and George Michaelson for | The author wishes to thank Geoff Huston and George Michaelson for |
| producing [ID.sidr-rfc6485bis], which this document is entirely based | producing [ID.sidr-rfc6485bis], which this document is entirely based |
| on. I'd also like to thank Roque Gagliano, David Mandelberg, Sam | on. I'd also like to thank Roque Gagliano, David Mandelberg, Sam |
| Weiller, and Stephen Kent for their reviews and comments. | Weiler, and Stephen Kent for their reviews and comments. |
| 9. References | 9. References |
| 9.1. Normative References | 9.1. Normative References |
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate |
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. |
| [RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification | [RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification |
| Request Syntax Specification Version 1.7", RFC 2986, | Request Syntax Specification Version 1.7", RFC 2986, |
| End of changes. 5 change blocks. | |
| 5 lines changed or deleted | 5 lines changed or added |

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
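Review bot: the "Updates: 6485bis (if approved)" header in the first change block (unchanged between -13 and -14 apart from the date) names the rfc6485bis draft rather than an RFC number; the Updates field has to carry the RFC number eventually assigned to the document cited as [ID.sidr-rfc6485bis] in the Abstract and Section 2, so an RFC Editor note asking for "6485bis" to be replaced on publication would avoid an idnits warning and a dangling reference.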
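Review bot: the Acknowledgements paragraph in the third change block switches voice mid-paragraph ("The author wishes to thank ... I'd also like to thank ..."); since the -14 revision already touches this sentence to correct "Weiller" to "Weiler", suggest rewording it as "The author would also like to thank Roque Gagliano, David Mandelberg, Sam Weiler, and Stephen Kent for their reviews and comments." so the paragraph uses one voice.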