Presentation is loading. Please wait.

Presentation is loading. Please wait.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70.

Published byTaylor Porter Modified over 11 years ago

Similar presentations

Presentation on theme: "Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70."— Presentation transcript:

1 Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70

2 Was it only a year ago? Next Steps Generate an -03 version post IETF 67 Request WG chair for Last Call on this document SIDR WG Meeting – November 2006

3 Changes for -09 Added: –Manifests to the SIA field in the profile of the certificate and the profile of the certificate request Retained: –RSYNC as a MUST in the access methods for retrieval of RPKI objects This has been the topic of discussion through various stages of review of this profile Dropped: –Subject Alternate Name

4 Next Steps - Again Generate an -10 version post IETF 70 –Complete manifest description in SIA Request WG chair for Last Call on this document – again

5 Some Musing about Validation Section 7.3 of the draft requires that the immediate superior certificate in the validation certificate path has a resource extension that encompasses the subordinate certificate. This is a nested encompassing constraint that is placed upon the resource extensions of all certificates in the validation certificate path

6 ResCert Validation Certificate Issued By Trust Anchor Validated Certificate issuer subject issuer subject issuer subject Resource Sets nested encompassing

7 An Alternate Approach Warning: All this could well be a Very Bad Idea –Is nested encompassing absolutely required in validation? –Would it be useful to relax this?

8 Alternate ResCert Validation Certificate Issued By Trust Anchor Validated Certificate issuer subject issuer subject issuer subject Resource Sets relaxed encompassing

9 Alternate Rescert Validation The resources of the certificate being validated are encompassed by the resource extensions in the validation certificate path, but the certificates in this path do not necessarily have to encompass each other

10 Alternate Rescert Validation Potential use in intersecting private use space contexts ? Private RPKI Context

11 Alternate Rescert Validation This really could be a Very Bad Idea! But if you have some opinions on this, it would be interesting to hear them!

Download ppt "Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70."

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.
4-Byte AS number registry Policy Proposal [LACNIC Proposal 2006-04] Geoff Huston APNIC 25 May.

4-Byte AS number registry Policy Proposal [LACNIC Proposal ] Geoff Huston APNIC 25 May.
Experimental Internet Resource Allocations Philip Smith, Geoff Huston September 2002.

Experimental Internet Resource Allocations Philip Smith, Geoff Huston September 2002.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.

Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
71 th IETF – Philadelphia, USA March 2008 PCECP Requirements and Protocol Extensions in Support of Global Concurrent Optimization Young Lee (Huawei) J-L.

71 th IETF – Philadelphia, USA March 2008 PCECP Requirements and Protocol Extensions in Support of Global Concurrent Optimization Young Lee (Huawei) J-L.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
RPKI Validation - Revisited draft-huston-rpki-validation-01.txt Geoff Huston George Michaelson APNIC Slide 1/19.

RPKI Validation - Revisited draft-huston-rpki-validation-01.txt Geoff Huston George Michaelson APNIC Slide 1/19.
RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.

RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.
Local TA Management In prior WG meetings I presented a model for local management of trust anchors for the RPKI In response to these presentations, a.

Local TA Management In prior WG meetings I presented a model for local management of trust anchors for the RPKI In response to these presentations, a.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.

Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Similar presentations

Ads by Google