draft-rgaglian-csi-send- name-type-registry Roque Gagliano Suresh - - PowerPoint PPT Presentation

▶

Oct 07, 2022 162 likes •216 views

draft-rgaglian-csi-send- name-type-registry Roque Gagliano Suresh Krishnan Ana Kukec SEND Trust Anchor Option: Defined in RFC 3971. Allows the identification of the TA by the host. Part of CPS message and form by: In RFC 3971

SLIDE 1

draft-rgaglian-csi-send- name-type-registry

Roque Gagliano Suresh Krishnan Ana Kukec

SLIDE 2

SEND Trust Anchor Option:

Defined in RFC 3971.
Allows the identification of the TA by the host.
Part of CPS message and form by:
In RFC 3971 two name types were defined but no

registry was created in the IANA section.

SLIDE 3

TA Across Admin Boundaries.

Administrative Domain (ex. ISP , enterprise)

TA

Certs and CRL Repository.

Host Local

Administrative Domain

Certs and CRL Repository.

Host Public

Certs and CRL Repository.

TA

SLIDE 4

New SKI Name Type

Subject Names and FQDN may not be

unique across different CAs.

CSI is using RPKI Cert Profiles where

subject names are normally meaningless and SKI is mandatory.

We take the same definition as written in the

cert draft:

The Key Identifier used here is the 160-bit SHA-1 hash of the value of the DER-encoded ASN.1 bit string of the subject public key, as described in Section 4.2.1.2 of [RFC5280].

SLIDE 5

draft-rgaglian-csi-send- name-type-registry Roque Gagliano Suresh - - PowerPoint PPT Presentation

draft-rgaglian-csi-send- name-type-registry

SEND Trust Anchor Option:

TA Across Admin Boundaries.

TA

Host Local

Host Public

TA

New SKI Name Type

unique across different CAs.

subject names are normally meaningless and SKI is mandatory.

cert draft:

Thanks

and should the WG adopt this document?