Presentation is loading. Please wait.

Presentation is loading. Please wait.

ROA Content Proposal November 2006 Geoff Huston.

Published bySusanto Hardja Modified over 5 years ago

Similar presentations

Presentation on theme: "ROA Content Proposal November 2006 Geoff Huston."— Presentation transcript:

1 ROA Content Proposal November 2006 Geoff Huston

2 EE Resource Certificates
End Entity (no-CA) Certificates used as one-off ROA signing certificates EE cert can be used for a single-use ROA signing Private key is destroyed after a single use EE Cert SIA is a pointer to the object that has been signed with the corresponding private key ROA validity and resource attributes are controlled by the associated EE certificate(s)

3 What Information is required for a ROA?
Originating AS IP Address Set Period of the Authority (Start & End Times) Information to allow a relying party to validate that: The address set is valid The ROA was generated by the address holder The ROA has not been altered The ROA is valid

4 What Information is required for a ROA?
Originating AS In the ROA IP Address Set In the EE Cert (or in the ROA?) Period of the Authority (Start & End Times) In the EE Cert Information to allow a relying party to validate that: The address set is valid The ROA was generated by the address holder The ROA has not been altered The ROA is valid In the EE Cert, plus a Trust Anchor set

5 ROA Template (1) ROA Contents: AS Number Address Resource Set
Signature(s) across the join of items 1 + 2 Pointers to EE Cert(s)

6 Alternate ROA Template (2)
ROA Contents: AS Number Pointers (URLs) of EE Cert(s) Signature(s) across the join of items 1 + 2

7 Alternate ROA Template (3)
ROA Contents: AS Number EE Cert(s) Signature(s) across the join of items 1 + 2

8 Alternate ROA Template (4)
ROA Contents: AS Number Hash(es) of EE Cert(s) Signature(s) across the join of items 1 + 2

Download ppt "ROA Content Proposal November 2006 Geoff Huston."

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.
The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Access control for IP multicast T-110.557 Petri Jokela

Access control for IP multicast T Petri Jokela
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.

What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.

Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.
The Resource Public Key Infrastructure Geoff Huston APNIC.

The Resource Public Key Infrastructure Geoff Huston APNIC.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Similar presentations

Ads by Google