Resource Certificate Profile - PowerPoint PPT Presentation

About This Presentation
Title:

Resource Certificate Profile

Description:

Generate an -03 version post IETF 67. Request WG chair for Last Call on this document. SIDR WG Meeting November 2006. Changes ... Some Musing about Validation ... – PowerPoint PPT presentation

Number of Views:34
Avg rating:3.0/5.0
Slides: 12
Provided by: gih
Category:

less

Transcript and Presenter's Notes

Title: Resource Certificate Profile


1
Resource Certificate Profile
  • Geoff Huston, George Michaelson, Rob Loomans
  • APNIC
  • IETF 70

2
Was it only a year ago?
SIDR WG Meeting November 2006
Next Steps
  • Generate an -03 version post IETF 67
  • Request WG chair for Last Call on this document

3
Changes for -09
  • Added
  • Manifests to the SIA field in the profile of the
    certificate and the profile of the certificate
    request
  • Retained
  • RSYNC as a MUST in the access methods for
    retrieval of RPKI objects
  • This has been the topic of discussion through
    various stages of review of this profile
  • Dropped
  • Subject Alternate Name

4
Next Steps - Again
  • Generate an -10 version post IETF 70
  • Complete manifest description in SIA
  • Request WG chair for Last Call on this document
    again

5
Some Musing about Validation
  • Section 7.3 of the draft requires that the
    immediate superior certificate in the validation
    certificate path has a resource extension that
    encompasses the subordinate certificate.
  • This is a nested encompassing constraint that
    is placed upon the resource extensions of all
    certificates in the validation certificate path

6
ResCert Validation
Certificate Issued By Trust Anchor
issuer
subject
issuer
subject
Validated Certificate
issuer
subject
Resource Sets
nested encompassing
7
An Alternate Approach
  • Warning All this could well be a Very Bad Idea
  • Is nested encompassing absolutely required in
    validation?
  • Would it be useful to relax this?

8
Alternate ResCert Validation
Certificate Issued By Trust Anchor
issuer
subject
issuer
subject
Validated Certificate
issuer
subject
Resource Sets
relaxed encompassing
9
Alternate Rescert Validation
  • The resources of the certificate being validated
    are encompassed by the resource extensions in the
    validation certificate path, but the certificates
    in this path do not necessarily have to encompass
    each other

10
Alternate Rescert Validation
  • Potential use in intersecting private use space
    contexts

?
Private RPKI Context
Private RPKI Context
11
Alternate Rescert Validation
  • This really could be a Very Bad Idea!
  • But if you have some opinions on this, it would
    be interesting to hear them!
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Resource Certificate Profile" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!