draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00.txt   draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01.txt 
Internet Engineering Task Force (IETF) S. Turner Internet Engineering Task Force (IETF) S. Turner
Internet-Draft sn3rd Internet-Draft sn3rd
Updates: 8208 (if approved) O. Borchert Updates: 8208 (if approved) O. Borchert
Intended status: Standards Track NIST Intended status: Standards Track NIST
Expires: September 2, 2018 March 1, 2018 Expires: September 6, 2018 March 5, 2018
BGPsec Algorithms, Key Formats, and Signature Formats BGPsec Algorithms, Key Formats, and Signature Formats
draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00 draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01
Abstract Abstract
This document specifies the algorithms, algorithm parameters, This document specifies the algorithms, algorithm parameters,
asymmetric key formats, asymmetric key sizes, and signature formats asymmetric key formats, asymmetric key sizes, and signature formats
used in BGPsec (Border Gateway Protocol Security). This document used in BGPsec (Border Gateway Protocol Security). This document
updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature
Formats") by adding Special-Use Algorithm IDs and correcting the Formats") by adding Special-Use Algorithm IDs and correcting the
range of unassigned algorithms IDs to fill the complete range. range of unassigned algorithms IDs to fill the complete range.
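Review bot: The header keeps "Updates: 8208 (if approved)" and the abstract says the document "updates RFC 8208", but the draft is named rfc8208-bis and its table of contents restates the full specification (signature algorithms, key formats, signature formats, examples) rather than only the delta. If the text is meant to stand in place of RFC 8208, the header and abstract should say "Obsoletes"; if it is meant as a delta, the restated sections should go. Separately, "unassigned algorithms IDs" in the abstract should read "unassigned algorithm IDs".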
skipping to change at page 2, line 37 skipping to change at page 2, line 37
2.2. Signature Algorithms . . . . . . . . . . . . . . . . . . . 5 2.2. Signature Algorithms . . . . . . . . . . . . . . . . . . . 5
2.2.1. Algorithm ID 0x01 - (ECDSA-P256) . . . . . . . . . . . 5 2.2.1. Algorithm ID 0x01 - (ECDSA-P256) . . . . . . . . . . . 5
3. Asymmetric Key Pair Formats . . . . . . . . . . . . . . . . . 6 3. Asymmetric Key Pair Formats . . . . . . . . . . . . . . . . . 6
3.1. Asymmetric Key Pair for Algorithm ID 0x01 - (ECDSA-p256) . 6 3.1. Asymmetric Key Pair for Algorithm ID 0x01 - (ECDSA-p256) . 6
3.1.1. Public Key Format . . . . . . . . . . . . . . . . . . 6 3.1.1. Public Key Format . . . . . . . . . . . . . . . . . . 6
3.1.2. Private Key Format . . . . . . . . . . . . . . . . . . 6 3.1.2. Private Key Format . . . . . . . . . . . . . . . . . . 6
4. Signature Formats . . . . . . . . . . . . . . . . . . . . . . 6 4. Signature Formats . . . . . . . . . . . . . . . . . . . . . . 6
5. Additional Requirements . . . . . . . . . . . . . . . . . . . 6 5. Additional Requirements . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
8.1. Normative References . . . . . . . . . . . . . . . . . . . 8 8.1. Normative References . . . . . . . . . . . . . . . . . . . 9
8.2. Informative References . . . . . . . . . . . . . . . . . . 10 8.2. Informative References . . . . . . . . . . . . . . . . . . 11
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 11 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 12
A.1. Topology and Experiment Description . . . . . . . . . . . 11 A.1. Topology and Experiment Description . . . . . . . . . . . 12
A.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 A.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
A.3. BGPsec IPv4 . . . . . . . . . . . . . . . . . . . . . . . 15 A.3. BGPsec IPv4 . . . . . . . . . . . . . . . . . . . . . . . 16
A.4. BGPsec IPv6 . . . . . . . . . . . . . . . . . . . . . . . 18 A.4. BGPsec IPv6 . . . . . . . . . . . . . . . . . . . . . . . 19
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 21 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
This document specifies the following: This document specifies the following:
o the digital signature algorithm and parameters, o the digital signature algorithm and parameters,
o the hash algorithm and parameters, o the hash algorithm and parameters,
o the algorithm identifier assignment and classification, o the algorithm identifier assignment and classification,
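Review bot: The section titles spell the curve two ways, "(ECDSA-P256)" in 2.2.1 and "(ECDSA-p256)" in 3.1. Use one form in both titles, preferably the upper-case one, which matches "ECDSA P-256" in the registry table.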
skipping to change at page 7, line 31 skipping to change at page 7, line 31
"BGPsec Algorithm Suite Registry" in the Resource Public Key "BGPsec Algorithm Suite Registry" in the Resource Public Key
Infrastructure (RPKI) group. The one-octet "BGPsec Algorithm Suite Infrastructure (RPKI) group. The one-octet "BGPsec Algorithm Suite
Registry" identifiers assigned by IANA identify the digest algorithm Registry" identifiers assigned by IANA identify the digest algorithm
and signature algorithm used in the BGPsec Signature_Block List's and signature algorithm used in the BGPsec Signature_Block List's
Algorithm Suite Identifier field. Algorithm Suite Identifier field.
IANA has registered a single algorithm suite identifier for the IANA has registered a single algorithm suite identifier for the
digest algorithm SHA-256 [SHS] and for the signature algorithm ECDSA digest algorithm SHA-256 [SHS] and for the signature algorithm ECDSA
on the P-256 curve [RFC6090] [DSS]. on the P-256 curve [RFC6090] [DSS].
IANA is asked to modify the previously registered "Unassigned"
address space.
Algorithm Digest Signature Specification
Suite Algorithm Algorithm Pointer
Identifier
+------------+---------------+--------------+-----------------------+
| 0x2-0xEF | Unassigned | Unassigned | |
+------------+---------------+--------------+-----------------------+
To be modified into:
Algorithm Digest Signature Specification
Suite Algorithm Algorithm Pointer
Identifier
+------------+---------------+--------------+-----------------------+
| 0x2-0xFA | Unassigned | Unassigned | |
+------------+---------------+--------------+-----------------------+
In addition IANA is asked to register the following address space for
"Special-Use":
Algorithm Digest Signature Specification
Suite Algorithm Algorithm Pointer
Identifier
+------------+---------------+--------------+-----------------------+
| 0xFB-0xFE | Special-Use | Special-Use | This Document |
+------------+---------------+--------------+-----------------------+
After the requested modification, the "BGPsec Algorithm Suite
Registry" in the RPKI group should contain the following values:
BGPsec Algorithm Suite Registry BGPsec Algorithm Suite Registry
Algorithm Digest Signature Specification Algorithm Digest Signature Specification
Suite Algorithm Algorithm Pointer Suite Algorithm Algorithm Pointer
Identifier Identifier
+------------+---------------+--------------+-----------------------+ +------------+---------------+--------------+-----------------------+
| 0x00 | Reserved | Reserved | This document | | 0x00 | Reserved | Reserved | This document |
+------------+---------------+--------------+-----------------------+ +------------+---------------+--------------+-----------------------+
| 0x01 | SHA-256 | ECDSA P-256 | [SHS] [DSS] [RFC6090] | | 0x01 | SHA-256 | ECDSA P-256 | [SHS] [DSS] [RFC6090] |
| | | | This document | | | | | This document |
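Review bot: The added IANA text twice calls a range of one-octet registry identifiers an "address space" ("the previously registered "Unassigned" address space" and "the following address space for "Special-Use""). These are code points in the BGPsec Algorithm Suite Registry, so "range of values" is the accurate term and avoids confusion with IP address space in a routing document. The ranges are written "0x2-0xEF" and "0x2-0xFA" while the registry rows use two hex digits ("0x00", "0x01"); write "0x02" for consistency. The Special-Use row cites "This Document" where the existing rows cite "This document", and a bare document pointer does not tell an implementer which section defines how a BGPsec speaker is expected to treat identifiers 0xFB-0xFE; cite the section that defines Special-Use so the registry entry points to the handling rules.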
 End of changes. 4 change blocks. 
12 lines changed or deleted 43 lines changed or added
