ROA Content Proposal

November 2006

Geoff Huston

EE Resource Certificates
  • End Entity (non-CA) Certificates used as one-off ROA signing certificates
    • EE cert can be used for a single-use ROA signing
    • Private key is destroyed after a single use
    • EE Cert SIA is a pointer to the object that has been signed with the corresponding private key
    • ROA validity and resource attributes are controlled by the associated EE certificate(s)
What Information is required for a ROA?
  • Originating AS
  • IP Address Set
  • Period of the Authority (Start & End Times)
  • Information to allow a relying party to validate that:
    • The address set is valid
    • The ROA was generated by the address holder
    • The ROA has not been altered
    • The ROA is valid
What Information is required for a ROA?
  • Originating AS: in the ROA
  • IP Address Set: in the EE Cert (or in the ROA?)
  • Period of the Authority (Start & End Times): in the EE Cert
  • Information to allow a relying party to validate that (in the EE Cert, plus a Trust Anchor set):
    • The address set is valid
    • The ROA was generated by the address holder
    • The ROA has not been altered
    • The ROA is valid

ROA Template (1)

ROA Contents:

  1. AS Number
  2. Address Resource Set
  3. Signature(s) across the join of items 1 + 2
  4. Pointers to EE Cert(s)
Alternate ROA Template (2)

ROA Contents:

  1. AS Number
  2. Pointers (URLs) of EE Cert(s)
  3. Signature(s) across the join of items 1 + 2
Alternate ROA Template (3)

ROA Contents:

  1. AS Number
  2. EE Cert(s)
  3. Signature(s) across the join of items 1 + 2
Alternate ROA Template (4)

ROA Contents:

  1. AS Number
  2. Hash(es) of EE Cert(s)
  3. Signature(s) across the join of items 1 + 2
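
An added sketch (not from the slides) of alternate template (4) together with the relying-party checks listed earlier, using Ruby's bundled OpenSSL binding. The `EECert` struct is a simplified stand-in for a real X.509 resource certificate; RSA-2048, SHA-256, the `|`-joined encodings and all helper names are assumptions, trust-anchor path validation is not modelled, and the AS numbers and prefix are constructed sample values.

```ruby
require "openssl"
require "digest"

# Simplified stand-in for an EE resource certificate (assumption: not real X.509).
# It carries the address set and the period of the authority, as the slides propose.
EECert = Struct.new(:prefixes, :not_before, :not_after, :pubkey_pem) do
  def encoded
    [prefixes.join(","), not_before.to_i, not_after.to_i, pubkey_pem].join("|")
  end
end

# Alternate template (4): AS number, hash of the EE cert, signature over items 1 + 2.
ROA = Struct.new(:asn, :cert_hash, :sig)

# The "join of items 1 + 2" that gets signed (encoding is an assumption).
def signed_join(asn, cert_hash)
  "#{asn}|#{cert_hash}"
end

# Sign once with a fresh key pair; the private key is never stored or returned.
def issue_roa(asn, prefixes, not_before, not_after)
  key  = OpenSSL::PKey::RSA.generate(2048)
  cert = EECert.new(prefixes, not_before, not_after, key.public_key.to_pem)
  hash = Digest::SHA256.hexdigest(cert.encoded)
  sig  = key.sign(OpenSSL::Digest.new("SHA256"), signed_join(asn, hash))
  [ROA.new(asn, hash, sig), cert]
end

# Relying-party checks; returns :ok or the first check that fails.
def validate(roa, cert, now)
  return :cert_hash_mismatch unless Digest::SHA256.hexdigest(cert.encoded) == roa.cert_hash
  pub = OpenSSL::PKey::RSA.new(cert.pubkey_pem)
  ok  = pub.verify(OpenSSL::Digest.new("SHA256"), roa.sig, signed_join(roa.asn, roa.cert_hash))
  return :bad_signature unless ok
  return :outside_period unless now.between?(cert.not_before, cert.not_after)
  :ok
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  roa, cert = issue_roa(64500, ["192.0.2.0/24"], now - 60, now + 3600) # constructed values
  puts "as issued:         #{validate(roa, cert, now)}"
  roa.asn = 64501 # altering item 1 invalidates the signature
  puts "AS number changed: #{validate(roa, cert, now)}"
end
```

Because the address set and validity period live only in the EE cert, any change to them surfaces as a hash mismatch, while a change to the AS number surfaces as a signature failure.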