Re: [secdir] Secdir review of draft-ietf-sidr-res-certs

Stephen Kent <kent@bbn.com> Wed, 04 May 2011 08:01 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A57D5E076E; Wed, 4 May 2011 01:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.98
X-Spam-Level:
X-Spam-Status: No, score=-104.98 tagged_above=-999 required=5 tests=[AWL=1.619, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5CfHf0Wjo9ZI; Wed, 4 May 2011 01:01:49 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id D19AEE06D4; Wed, 4 May 2011 01:01:49 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:37521 helo=[193.0.26.186]) by smtp.bbn.com with esmtp (Exim 4.74 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1QHX1o-0007sw-B6; Wed, 04 May 2011 04:01:48 -0400
Mime-Version: 1.0
Message-Id: <p06240803c9e6ae6a7fe9@[193.0.26.186]>
In-Reply-To: <tslk4e7a14w.fsf@mit.edu>
References: <tslhbbag9m1.fsf@mit.edu> <4D791B26.8020001@vpnc.org> <tsl4o7ag5fw.fsf@mit.edu> <4D79271E.6080707@vpnc.org> <tslzkp2elyf.fsf@mit.edu> <p06240801c9ce424e70b1@[128.89.89.62]> <tsl62q2tj33.fsf@mit.edu> <p06240808c9e45144c8f9@[10.242.22.94]> <tslr58fbz9t.fsf@mit.edu> <p06240800c9e604898d1c@[193.0.26.186]> <tslk4e7a14w.fsf@mit.edu>
Date: Wed, 4 May 2011 04:00:18 -0400
To: Sam Hartman <hartmans-ietf@mit.edu>
From: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Cc: draft-ietf-sidr-res-certs@tools.ietf.org, Sam Hartman <hartmans-ietf@mit.edu>, ietf@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-sidr-res-certs
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2011 08:01:50 -0000

At 6:07 PM -0400 5/3/11, Sam Hartman wrote:
>  >>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:
>
>
>     >>
>     >> I guess the only question I'd have remaining is whether ROAs or
>     >> other signed objects are intended to be used in other protocols
>     >> besides simply living in the SIDR repository?
>
>     Stephen> The RPKI repository is designed to support a specific,
>     Stephen> narrow set of apps. That's what the CP says, and we try to
>     Stephen> make these certs unattractive for other apps, e.g., by use
>     Stephen> of the non-meaningful names.
>
>You had mentioned that about the PKI before.  Now, though I'm focusing
>on the ROAs and other signed objects, not the certificates and CRLs.  Do
>these narrow applications involve simply storing these objects in the
>repository, or are there plans to use ROAs or other signed objects as
>elements in protocols?  At least years ago, for example, there was
>discussion of carrying signatures of objects in BGP. I understand that's
>not within SIDR's current charter, but is SIDR intended to support that
>style of use, or have things been narrowed to a point where that would
>require reworking details of the repository and PKI?
>
>If the answer is that those sorts of uses are not in scope for the SIDR
>architecture, then I think you've basically resolved my concerns.

Sam,

You might want to look again at the SIDR charter, since it has just 
been revised to include BGP path validation. The path validation 
approach being pursued makes use of the RPKI, consistent with the 
scope of the CP, not surprisingly.

The BGPSEC protocol being defined does not pass around ROAs or other 
RPKI repository objects. It defines two new, signed objects that are 
passed in UPDATE messages, and are not stored in the repository. 
These objects are verified using RPKI certs and CRLs, so there is a 
linkage.

Does that answer your question?

Steve