--- 1/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00.txt 2018-03-05 16:15:05.110838179 -0800 +++ 2/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01.txt 2018-03-05 16:15:05.226840978 -0800 @@ -1,19 +1,19 @@ Internet Engineering Task Force (IETF) S. Turner Internet-Draft sn3rd Updates: 8208 (if approved) O. Borchert Intended status: Standards Track NIST -Expires: September 2, 2018 March 1, 2018 +Expires: September 6, 2018 March 5, 2018 BGPsec Algorithms, Key Formats, and Signature Formats - draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-00 + draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01 Abstract This document specifies the algorithms, algorithm parameters, asymmetric key formats, asymmetric key sizes, and signature formats used in BGPsec (Border Gateway Protocol Security). This document updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature Formats") by adding Special-Use Algorithm IDs and correcting the range of unassigned algorithms IDs to fill the complete range. 
@@ -63,30 +63,30 @@ 2.2. Signature Algorithms . . . . . . . . . . . . . . . . . . . 5 2.2.1. Algorithm ID 0x01 - (ECDSA-P256) . . . . . . . . . . . 5 3. Asymmetric Key Pair Formats . . . . . . . . . . . . . . . . . 6 3.1. Asymmetric Key Pair for Algorithm ID 0x01 - (ECDSA-p256) . 6 3.1.1. Public Key Format . . . . . . . . . . . . . . . . . . 6 3.1.2. Private Key Format . . . . . . . . . . . . . . . . . . 6 4. Signature Formats . . . . . . . . . . . . . . . . . . . . . . 6 5. Additional Requirements . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 - 8.1. Normative References . . . . . . . . . . . . . . . . . . . 8 - 8.2. Informative References . . . . . . . . . . . . . . . . . . 10 - Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 11 - A.1. Topology and Experiment Description . . . . . . . . . . . 11 - A.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 - A.3. BGPsec IPv4 . . . . . . . . . . . . . . . . . . . . . . . 15 - A.4. BGPsec IPv6 . . . . . . . . . . . . . . . . . . . . . . . 18 - Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 21 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 + 8.1. Normative References . . . . . . . . . . . . . . . . . . . 9 + 8.2. Informative References . . . . . . . . . . . . . . . . . . 11 + Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 12 + A.1. Topology and Experiment Description . . . . . . . . . . . 12 + A.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 + A.3. BGPsec IPv4 . . . . . . . . . . . . . . . . . . . . . . . 16 + A.4. BGPsec IPv6 . . . . . . . . . . . . . . . . . . . . . . . 19 + Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 
22 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 1. Introduction This document specifies the following: o the digital signature algorithm and parameters, o the hash algorithm and parameters, o the algorithm identifier assignment and classification, 
@@ -289,20 +289,51 @@ "BGPsec Algorithm Suite Registry" in the Resource Public Key Infrastructure (RPKI) group. The one-octet "BGPsec Algorithm Suite Registry" identifiers assigned by IANA identify the digest algorithm and signature algorithm used in the BGPsec Signature_Block List's Algorithm Suite Identifier field. IANA has registered a single algorithm suite identifier for the digest algorithm SHA-256 [SHS] and for the signature algorithm ECDSA on the P-256 curve [RFC6090] [DSS]. + IANA is asked to modify the previously registered "Unassigned" + address space. + + Algorithm Digest Signature Specification + Suite Algorithm Algorithm Pointer + Identifier + +------------+---------------+--------------+-----------------------+ + | 0x2-0xEF | Unassigned | Unassigned | | + +------------+---------------+--------------+-----------------------+ + + To be modified into: + + Algorithm Digest Signature Specification + Suite Algorithm Algorithm Pointer + Identifier + +------------+---------------+--------------+-----------------------+ + | 0x2-0xFA | Unassigned | Unassigned | | + +------------+---------------+--------------+-----------------------+ + In addition IANA is asked to register the following address space for + "Special-Use": + + Algorithm Digest Signature Specification + Suite Algorithm Algorithm Pointer + Identifier + +------------+---------------+--------------+-----------------------+ + | 0xFB-0xFE | Special-Use | Special-Use | This Document | + +------------+---------------+--------------+-----------------------+ + + After the requested modification, the "BGPsec Algorithm Suite + Registry" in the RPKI group should contain the following values: + BGPsec Algorithm Suite Registry Algorithm Digest Signature Specification Suite Algorithm Algorithm Pointer Identifier +------------+---------------+--------------+-----------------------+ | 0x00 | Reserved | Reserved | This document | +------------+---------------+--------------+-----------------------+ | 0x01 | 
SHA-256 | ECDSA P-256 | [SHS] [DSS] [RFC6090] | | | | | This document |
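Review bot: In the IANA Considerations hunk (@@ -289,20 +289,51 @@), the new Unassigned range is written "0x2-0xFA" with a one-digit lower bound, while the other identifiers in the registry use two digits ("0x00", "0x01", "0xFB-0xFE"); writing it as "0x02-0xFA" keeps the one-octet values consistent. The same hunk twice calls these identifier ranges "address space"; "identifier range" or "values" fits a one-octet algorithm suite registry better. The Special-Use row points at "This Document" where the existing rows use "This document", and there appears to be no blank line between the second table and "In addition IANA is asked to register", unlike the other paragraphs added here (a comma after "In addition" would also help). Finally, the added lines register 0xFB-0xFE as Special-Use without saying, in this hunk, how a receiver should treat a Signature_Block that carries one of those identifiers; if that is defined elsewhere in the draft, a section reference next to the registration would make the request self-explanatory.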