draft-ietf-sidr-arch-03 draft-ietf-roa-format-04 - PowerPoint PPT Presentation

Provided by: ietf
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes


1
draft-ietf-sidr-arch-03 draft-ietf-roa-format-04
  • Matt Lepinski
  • BBN Technologies

2
SIDR Arch -03
  • Changes since -02
  • Improved abstract and introduction text
  • Attempt to clarify the role of this
    infrastructure as a necessary first step in the
    SIDR work
  • Textual changes to provide consistency with other
    SIDR documents (e.g. res-cert, roa-format, manifest)
  • No Open Issues --- Please Read

3
ROA Format -04
  • Changes since -03
  • Clarified text on ROA validity
  • As per list discussion, addresses in a ROA must
    be a subset of EE certificate IP addresses
  • (Previous text required an exact match)

4
ROA Format -04
  • Changes since -03
  • Clarified text on ROA validity
  • As per list discussion, addresses in a ROA must
    be a subset of EE certificate IP addresses
  • (Previous text required an exact match)
  • Open Issue
  • Multiple Signatures on a single ROA

5
Transition Consideration
  • During periods of partial deployment it is
    difficult to distinguish between
    • Address Space Holder has not yet upgraded and is
      unable to issue ROAs
    • Address Space Holder chooses not to issue ROAs
      for a given segment of address space
      (e.g. IANA or RIR unallocated space)
  • Proposal
    • ROA for AS Zero is interpreted as
      "I am able to issue ROAs, but I don't want
      this address space to be globally routable"

6
Thank You

7
Backup: Multiple ROA Signatures
(Diagram: ISP A (CA) 10.0/16 -> ISP A (EE) 10.0/16 -> ROA 10.0/16; ISP A (CA) 10.1/16 -> ISP A (EE) 10.1/16 -> ROA 10.1/16)
  • A single ISP with two CA certificates
    (one for 10.0/16 and one for 10.1/16)
    cannot authorize the advertisement of 10.0/15

8
Backup: Multiple ROA Signatures
  • Proposed Solution
    • Allow multiple signatures on a ROA

(Diagram: ISP A (CA) 10.0/16 -> ISP A (EE) 10.0/16; ISP A (CA) 10.1/16 -> ISP A (EE) 10.1/16; a single ROA for 10.0/15 carrying two SignerInfo entries)

9
Backup: Multiple ROA Signatures
  • Validity of ROAs with multiple signatures
  • A ROA is valid if and only if
    • The ROA complies with the syntax specification
    • EVERY signature on the ROA can be verified by a
      valid end-entity certificate
    • The union of the IP addresses in the end-entity
      certificates is EQUAL to the IP addresses in the
      ROA
  • All invalid ROAs are treated the same, regardless
    of whether or not they contain a verifiable
    signature
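
The two address checks on these slides (the -04 subset rule and the proposed union-equals rule for multiply signed ROAs), as an added example that is not taken from the slides or the drafts. Function names and the signer tuple layout are hypothetical; signature and certificate validation are modelled as booleans, and the syntax check is assumed to have passed.

```python
# Added illustration: function and parameter names are hypothetical, not from the drafts.
from ipaddress import ip_network, collapse_addresses

def canon(prefixes):
    """Parse prefix strings and collapse them to a minimal, sorted CIDR list."""
    nets = [ip_network(p) for p in prefixes]
    out = []
    for version in (4, 6):  # collapse_addresses() rejects mixed address families
        out += collapse_addresses(n for n in nets if n.version == version)
    return out

def roa_within_ee(roa_prefixes, ee_prefixes):
    """-04 rule: ROA addresses must be a subset of the EE certificate's addresses."""
    ee = canon(ee_prefixes)
    return all(
        any(r.version == e.version and r.subnet_of(e) for e in ee)
        for r in canon(roa_prefixes)
    )

def multi_sig_roa_valid(roa_prefixes, signers):
    """Backup-slide rule. Each signer is (signature_verifies, ee_cert_valid, ee_prefixes).

    Assumes the ROA has already passed the syntax check.
    """
    if not signers:
        return False
    # EVERY signature must verify under a valid end-entity certificate.
    if not all(sig_ok and cert_ok for sig_ok, cert_ok, _ in signers):
        return False
    # The union of EE resources must EQUAL the ROA's addresses, not merely cover them.
    union = canon([p for _, _, ee in signers for p in ee])
    return union == canon(roa_prefixes)

# Constructed sample data mirroring the slides (10.0/16 written out as 10.0.0.0/16).
EE_A = ["10.0.0.0/16"]
EE_B = ["10.1.0.0/16"]
BOTH = [(True, True, EE_A), (True, True, EE_B)]

if __name__ == "__main__":
    print(roa_within_ee(["10.0.0.0/15"], EE_A))        # one EE cert alone vs. the /15
    print(multi_sig_roa_valid(["10.0.0.0/15"], BOTH))  # both SignerInfos together
```

Because the multi-signature rule requires equality, a ROA for only 10.0/16 signed by both EE certificates is rejected even though every signature verifies.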