
ROA Content Proposal

ROA Content Proposal. November 2006, Geoff Huston.

EE Resource Certificates: End Entity (non-CA) certificates used as one-off ROA signing certificates. An EE cert can be used for a single-use ROA signing; the private key is destroyed after a single use.


Presentation Transcript


  1. ROA Content Proposal
     November 2006, Geoff Huston

  2. EE Resource Certificates
     • End Entity (non-CA) Certificates used as one-off ROA signing certificates
     • EE cert can be used for a single-use ROA signing
     • Private key is destroyed after a single use
     • EE Cert SIA is a pointer to the object that has been signed with the corresponding private key
     • ROA validity and resource attributes are controlled by the associated EE certificate(s)

  3. What Information is required for a ROA?
     • Originating AS
     • IP Address Set
     • Period of the Authority (Start & End Times)
     • Information to allow a relying party to validate that:
       • The address set is valid
       • The ROA was generated by the address holder
       • The ROA has not been altered
       • The ROA is valid

  4. What Information is required for a ROA?
     • Originating AS: in the ROA
     • IP Address Set: in the EE Cert (or in the ROA?)
     • Period of the Authority (Start & End Times): in the EE Cert
     • Information to allow a relying party to validate that (in the EE Cert, plus a Trust Anchor set):
       • The address set is valid
       • The ROA was generated by the address holder
       • The ROA has not been altered
       • The ROA is valid

  5. ROA Template (1)
     ROA Contents:
     • AS Number
     • Address Resource Set
     • Signature(s) across the join of items 1 + 2
     • Pointers to EE Cert(s)

  6. Alternate ROA Template (2)
     ROA Contents:
     • AS Number
     • Pointers (URLs) of EE Cert(s)
     • Signature(s) across the join of items 1 + 2

  7. Alternate ROA Template (3)
     ROA Contents:
     • AS Number
     • EE Cert(s)
     • Signature(s) across the join of items 1 + 2

  8. Alternate ROA Template (4)
     ROA Contents:
     • AS Number
     • Hash(es) of EE Cert(s)
     • Signature(s) across the join of items 1 + 2
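
The split of information in slide 4 and the layout of Template (4), written out as an added example in Go; it is not code from the presentation. Assumptions: the EE certificate is a plain struct rather than X.509 and has already been validated up to a trust anchor, the signature algorithm is Ed25519, and the byte encodings and all names are constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"net/netip"
	"time"
)

// EECert is a simplified stand-in for an EE resource certificate (assumption).
type EECert struct {
	Pub                 ed25519.PublicKey
	Prefixes            []netip.Prefix // IP address set, held in the cert
	NotBefore, NotAfter time.Time      // period of the authority, held in the cert
}

func (c EECert) Hash() [32]byte { // constructed encoding, for this example only
	return sha256.Sum256([]byte(fmt.Sprintf("%x|%v|%d|%d", c.Pub, c.Prefixes, c.NotBefore.Unix(), c.NotAfter.Unix())))
}

// ROA follows Template (4): AS number, hash of the EE cert, signature over both.
type ROA struct {
	AS       uint32
	CertHash [32]byte
	Sig      []byte
}

func join(as uint32, h [32]byte) []byte { // item 1 (AS number) then item 2 (cert hash)
	return []byte(fmt.Sprintf("%d|%x", as, h))
}

// Issue signs one ROA with a fresh key pair; the private key is never stored.
func Issue(as uint32, pfx []netip.Prefix, from, to time.Time) (ROA, EECert) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	cert := EECert{pub, pfx, from, to}
	return ROA{as, cert.Hash(), ed25519.Sign(priv, join(as, cert.Hash()))}, cert
}

// Validate applies the relying-party checks to one announced origin and prefix.
func Validate(r ROA, c EECert, origin uint32, p netip.Prefix, now time.Time) bool {
	signed := r.CertHash == c.Hash() && ed25519.Verify(c.Pub, join(r.AS, r.CertHash), r.Sig)
	live := r.AS == origin && !now.Before(c.NotBefore) && !now.After(c.NotAfter)
	covered := false
	for _, a := range c.Prefixes {
		covered = covered || (a.Bits() <= p.Bits() && a.Contains(p.Addr()))
	}
	return signed && live && covered
}

func main() {}
```

Because the ROA carries only the AS number and the certificate hash, changing the address set or the validity period means issuing a new EE certificate, which in turn changes the hash and invalidates the old signature.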
