[sidr] Template for RPKI signed objects and revised ROA format

Matt Lepinski <mlepinski@bbn.com> Fri, 20 August 2010 18:52 UTC

Message-ID: <4C6ECF3A.4050803@bbn.com>
Date: Fri, 20 Aug 2010 14:53:46 -0400
From: Matt Lepinski <mlepinski@bbn.com>

A significant portion of the SIDR ROA-Format draft is spent specifying 
the ASN.1 syntax for the CMS encapsulation of the ROA object. (Note also 
that the SIDR manifest document also includes this ASN.1 syntax for an 
identical CMS encapsulation.)

It was suggested to the authors of the ROA Format draft that the 
specification of any future RPKI signed objects would be made much 
simpler if we split the specification of the CMS encapsulation (which 
pertains to all RPKI signed objects) off from the stuff that is 
ROA-specific.

Therefore, we have produced the two attached drafts for your consideration:

draft-achi-rpki-signed-object is a generic template designed to simplify 
the specification of RPKI signed objects.
     Note that to instantiate the template and create a new type of RPKI 
signed object all you have to do is:
     1. Get an OID to identify the ContentType for the new type of 
signed object
     2. Specify the ASN.1 syntax for the content of the new type of 
signed object
     3. Specify any additional steps that are required for validating 
the new type of signed object (beyond the standard steps required for 
all RPKI signed objects which are specified in the rpki-signed-object draft)

draft-ietf-sidr-roa-format is a much shorter version of the roa-format 
draft which makes use of the generic signed object template and thus 
only specifies the ROA-specific stuff (that is, the three things I noted 
above).

Note that breaking up the ROA-format document in this fashion in no way 
changes the syntax or semantics of a ROA (i.e., nothing has changed 
besides the manner of documentation).

Please take a look at these documents and let us know if this is a good 
way forward. (If it is a good way forward we can easily change [i.e., 
shorten] the manifest document to use this signed-object template as well.)

- Matt Lepinski
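The three-step instantiation described in the message above (an OID for the ContentType, ASN.1 syntax for the content, type-specific validation on top of the generic checks), shown as an added example that is not code from either draft or from the author. It implements only the layer the template separates out: a generic EncapsulatedContentInfo wrapper that dispatches on eContentType, plus a ROA encoder, decoder and validator registered under the ROA ContentType OID (id-ct-routeOriginAuthz, 1.2.840.113549.1.9.16.1.24). The CMS SignedData envelope, the EE certificate and the signature check are the generic part of the template and are deliberately left out; the AFI values (1 for IPv4, 2 for IPv6), the hand-rolled DER codec and the sample ROA (AS 64496, 192.0.2.0/24, 2001:db8::/32) are this example's own constructions.

```python
"""Generic signed-object wrapper + ROA-specific content, as separate layers.
Constructed example (not from draft-achi-rpki-signed-object or the ROA draft).
Hand-rolled DER so it runs without pyasn1; no signing or certificate checks."""
import ipaddress

ID_CT_ROA = "1.2.840.113549.1.9.16.1.24"   # id-ct-routeOriginAuthz (template step 1)

# ---- minimal DER helpers -------------------------------------------------
def _len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + _len(len(body)) + body

def der_int(n):                            # non-negative INTEGER, minimal two's complement
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return tlv(0x02, (b"\x00" + b) if b[0] & 0x80 else b)

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        out += chunk
    return tlv(0x06, bytes(out))

def der_seq(*parts):
    return tlv(0x30, b"".join(parts))

def read_tlv(buf):                         # -> (tag, body, rest); short and long lengths
    tag, l, i = buf[0], buf[1], 2
    if l & 0x80:
        n = l & 0x7F
        l, i = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    return tag, buf[i:i + l], buf[i + l:]

def read_seq(body):                        # all TLVs inside a SEQUENCE body
    items = []
    while body:
        tag, inner, body = read_tlv(body)
        items.append((tag, inner))
    return items

def dec_oid(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v); v = 0
    return ".".join(map(str, arcs))

# ---- ROA-specific layer (template step 2: content syntax) ----------------
def _prefix_bits(net):
    """IPAddress BIT STRING: unused-bit count, then the prefix bits zero-padded to a byte."""
    nbytes = (net.prefixlen + 7) // 8
    raw = int(net.network_address).to_bytes(net.max_prefixlen // 8, "big")[:nbytes]
    return tlv(0x03, bytes([nbytes * 8 - net.prefixlen]) + raw)

def encode_roa(as_id, prefixes):
    """RouteOriginAttestation; version 0 is DEFAULT and therefore omitted under DER."""
    fams = {}
    for cidr, maxlen in prefixes:
        net = ipaddress.ip_network(cidr)
        entry = _prefix_bits(net) + (der_int(maxlen) if maxlen is not None else b"")
        fams.setdefault(1 if net.version == 4 else 2, []).append(der_seq(entry))
    blocks = b"".join(der_seq(tlv(0x04, bytes([0, afi])), der_seq(*addrs))
                      for afi, addrs in sorted(fams.items()))
    return der_seq(der_int(as_id), der_seq(blocks))

def decode_roa(der):
    _, body, _ = read_tlv(der)
    items = read_seq(body)
    if items[0][0] == 0xA0:                # explicit version present: only non-zero is DER-legal
        raise ValueError("unsupported ROA version")
    as_id, prefixes = int.from_bytes(items[0][1], "big"), []
    for _, fam in read_seq(items[1][1]):
        afi_tlv, addrs_tlv = read_seq(fam)
        afi = int.from_bytes(afi_tlv[1][:2], "big")
        for _, addr in read_seq(addrs_tlv[1]):
            parts = read_seq(addr)
            unused, raw = parts[0][1][0], parts[0][1][1:]
            size = 4 if afi == 1 else 16
            ip = ipaddress.ip_address(raw + b"\0" * (size - len(raw)))
            maxlen = int.from_bytes(parts[1][1], "big") if len(parts) > 1 else None
            prefixes.append((f"{ip}/{len(raw) * 8 - unused}", maxlen))
    return as_id, prefixes

def validate_roa(as_id, prefixes):
    """Template step 3: ROA-only checks, run after the generic signed-object checks."""
    if not 0 <= as_id < 2**32:
        return "asID out of range"
    if not prefixes:
        return "ipAddrBlocks must be non-empty"
    for cidr, maxlen in prefixes:
        net = ipaddress.ip_network(cidr)
        if maxlen is not None and not net.prefixlen <= maxlen <= net.max_prefixlen:
            return f"bad maxLength {maxlen} for {cidr}"
    return None

# ---- generic layer: EncapsulatedContentInfo, dispatch on eContentType ----
CONTENT_TYPES = {ID_CT_ROA: (decode_roa, validate_roa)}   # one entry per signed-object type

def encap_content_info(oid, econtent):
    """SEQUENCE { eContentType OID, eContent [0] EXPLICIT OCTET STRING }"""
    return der_seq(der_oid(oid), tlv(0xA0, tlv(0x04, econtent)))

def open_encap(der):
    """Parse the wrapper, look the OID up, hand eContent to the type's decoder/validator."""
    _, body, _ = read_tlv(der)
    (_, oid_body), (_, ctx0) = read_seq(body)
    oid = dec_oid(oid_body)
    if oid not in CONTENT_TYPES:
        return oid, None, f"unknown eContentType {oid}"
    _, econtent, _ = read_tlv(ctx0)
    decode, validate = CONTENT_TYPES[oid]
    parsed = decode(econtent)
    return oid, parsed, validate(*parsed)

def demo():                                # constructed sample ROA; returns (oid, parsed, error)
    roa = encode_roa(64496, [("192.0.2.0/24", 24), ("2001:db8::/32", 48)])
    return open_encap(encap_content_info(ID_CT_ROA, roa))

if __name__ == "__main__":
    print(demo())
```

Adding a manifest or any later signed-object type means one more `CONTENT_TYPES` entry with its own decoder and validator; `open_encap` and the DER helpers do not change, which is the point of splitting the generic encapsulation off from the type-specific content.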