[sidr] RPKI: Are relying parties really supposed to validate DER encoding?

Alberto Leiva <ydahhrk@gmail.com> Thu, 10 January 2019 22:26 UTC

From: Alberto Leiva <ydahhrk@gmail.com>
Date: Thu, 10 Jan 2019 16:26:37 -0600
Message-ID: <CAA0dE=X-hjb8UY6Gm_QJP+Vwqp5d8ho6rjYxZ4vSVF9SctAN_g@mail.gmail.com>
To: sidr@ietf.org, mlepinski@bbn.com, achi@bbn.com, kent@bbn.com, skent@bbn.com, dkong@bbn.com
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/FX4ugZ2KlNpz9oeAsh1VFppGOio>
Subject: [sidr] RPKI: Are relying parties really supposed to validate DER encoding?

Hello.

I have a question:

RFC 6488 section 3.1.l (https://tools.ietf.org/html/rfc6488#section-3)
wants relying parties (RPs) to validate that all RPKI signed objects
are DER-encoded, which (I think) means that they must be BER-encoded
with minimal and unique representations.

But I have found at least one other requirement that seems to
contradict this: RFC 6482 section 3.3, fourth paragraph, second half,
claims that a ROA (which is a signed object) is allowed to contain
redundant ROAIPAddress elements.

Furthermore, RFC 3779 (which is meaningfully referenced by the ROA and
RPKI certificate (6487) RFCs) states the following:

   relying parties do
   not need to sort the information, or to implement extra code in the
   subset checking algorithms to handle several boundary cases
   (adjacent, overlapping, or subsumed ranges).

This seems to be paraphraseable as "RPs can parse signed objects as
if they were BER-encoded, without worrying about DER."

In fact, my reading of it is that the entirety of RFC 3779 seems to be
of the mind that IP and AS extension writers are intended to strictly
adhere to DER specifically for the sake of simplifying the task of
RPs. RFC 6488, on the other hand, wants both to be strict.

So what's the consensus?
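As an added illustration of what "DER-encoded" means at the byte level (this is example code written for this archive page, not part of Alberto's message and not taken from any RPKI validator), the checker below walks a BER TLV stream and reports the encoding choices DER forbids: indefinite or non-minimal lengths, non-minimal INTEGERs, non-canonical BOOLEANs, dirty BIT STRING padding, constructed string types and unsorted SET OF members. The sample inputs are constructed by hand; the first is a SEQUENCE OF holding two identical ROAIPAddress-shaped elements (address BIT STRING for 10.0.0.0/8 with maxLength 24, no addressFamily wrapper), and the checker accepts it because DER constrains how each element is encoded, not whether SEQUENCE OF members repeat. The checker handles single-byte tags only, which is an assumption that holds for the types used in ROAs.

```python
"""Strict DER checker for BER TLV data (constructed example, not from any RPKI validator)."""
from typing import List, Optional, Tuple


def _parse_header(buf: bytes, pos: int, errors: List[str], where: str) -> Tuple[int, bool, int, int]:
    """Parse tag and length at buf[pos]; return (tag, constructed, content_start, content_end).
    Non-fatal DER violations are appended to errors; structural problems raise ValueError.
    Assumption: single-byte tags only (tag numbers < 31), which covers every type in a ROA."""
    if pos + 2 > len(buf):
        raise ValueError(f"{where}: truncated before length")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError(f"{where}: multi-byte tags are not handled by this checker")
    constructed = bool(tag & 0x20)
    first = buf[pos + 1]
    pos += 2
    if first == 0x80:
        # BER permits indefinite length (content terminated by 00 00); DER forbids it.
        raise ValueError(f"{where}: indefinite-length encoding")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError(f"{where}: truncated length octets")
        length_octets = buf[pos:pos + n]
        pos += n
        length = int.from_bytes(length_octets, "big")
        # DER: long form only when the length needs more than 7 bits, and no leading zero octets.
        if length < 0x80:
            errors.append(f"{where}: long-form length {length} must use short form")
        elif length_octets[0] == 0:
            errors.append(f"{where}: length has a leading zero octet")
    end = pos + length
    if end > len(buf):
        raise ValueError(f"{where}: content runs past end of buffer")
    return tag, constructed, pos, end


def _check_primitive(tag: int, content: bytes, errors: List[str], where: str) -> None:
    """DER rules for the primitive types that appear in ROAs and RFC 3779 extensions."""
    if tag == 0x02:  # INTEGER: minimal two's complement, at least one octet
        if not content:
            errors.append(f"{where}: empty INTEGER")
        elif len(content) >= 2 and ((content[0] == 0x00 and not content[1] & 0x80)
                                    or (content[0] == 0xFF and content[1] & 0x80)):
            errors.append(f"{where}: non-minimal INTEGER")
    elif tag == 0x01:  # BOOLEAN: BER accepts any non-zero octet as TRUE, DER requires FF
        if content not in (b"\x00", b"\xff"):
            errors.append(f"{where}: BOOLEAN must be encoded as 00 or FF")
    elif tag == 0x03:  # BIT STRING: unused-bit count 0..7 and the unused bits must be zero
        if not content:
            errors.append(f"{where}: empty BIT STRING")
        else:
            unused = content[0]
            if unused > 7 or (len(content) == 1 and unused != 0):
                errors.append(f"{where}: invalid unused-bit count {unused}")
            elif unused and content[-1] & ((1 << unused) - 1):
                errors.append(f"{where}: unused BIT STRING bits must be zero")


def _check(buf: bytes, start: int, end: int, parent_tag: Optional[int],
           errors: List[str], where: str) -> None:
    """Check every TLV in buf[start:end], recursing into constructed values."""
    pos, index, encodings = start, 0, []
    while pos < end:
        here = f"{where}/{index}"
        tag, constructed, cstart, cend = _parse_header(buf, pos, errors, here)
        if cend > end:
            raise ValueError(f"{here}: element overflows its parent")
        if constructed:
            # DER requires string types to use the primitive form.
            if (tag & 0xC0) == 0 and (tag & 0x1F) in (0x03, 0x04, 0x0C, 0x16):
                errors.append(f"{here}: constructed string encoding")
            _check(buf, cstart, cend, tag, errors, here)
        else:
            _check_primitive(tag, buf[cstart:cend], errors, here)
        encodings.append(buf[pos:cend])
        pos, index = cend, index + 1
    # DER: members of a SET OF are sorted by their complete encodings.
    # Assumption: every universal SET (tag 0x31) is treated as a SET OF here.
    if parent_tag == 0x31 and encodings != sorted(encodings):
        errors.append(f"{where}: SET OF members are not in DER order")


def der_violations(buf: bytes) -> List[str]:
    """Return all DER violations found in buf (empty list means strict DER)."""
    errors: List[str] = []
    try:
        _check(buf, 0, len(buf), None, errors, "")
    except ValueError as exc:
        errors.append(str(exc))
    return errors


def is_strict_der(buf: bytes) -> bool:
    return not der_violations(buf)


# Constructed sample inputs (hand-encoded, not taken from any repository object).
ROA_IP_ADDRESS = bytes.fromhex("3007" "0302000a" "020118")  # SEQUENCE { 10.0.0.0/8, maxLength 24 }
SAMPLES = {
    "duplicate_roaipaddress": bytes.fromhex("3012") + ROA_IP_ADDRESS * 2,  # repeated member, still DER
    "long_form_length": bytes.fromhex("308106020105020105"),
    "indefinite_length": bytes.fromhex("30800201050000"),
    "nonminimal_integer": bytes.fromhex("02020005"),
    "ber_boolean": bytes.fromhex("010101"),
    "unsorted_set": bytes.fromhex("3106020107020105"),
    "bitstring_dirty_pad": bytes.fromhex("030207ff"),
    "constructed_octet_string": bytes.fromhex("2403040141"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:26s} {blob.hex():42s} {der_violations(blob) or 'strict DER'}")
```

Running the file prints one line per sample; only the first, the SEQUENCE OF with a repeated ROAIPAddress, comes back as strict DER, which is the distinction between an encoding-level DER check and the content-level redundancy that RFC 6482 tolerates.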