IETF Logo Mail Archive

Re: [sidr] Terry Manderson's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 19 May 2016 09:31 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B12712B00E; Thu, 19 May 2016 02:31:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.727
X-Spam-Level:
X-Spam-Status: No, score=-5.727 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ffGfN2FthgL8; Thu, 19 May 2016 02:31:08 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 081E212B049; Thu, 19 May 2016 02:31:08 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 5749DBE32; Thu, 19 May 2016 10:31:06 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CG_pnLNFYk8p; Thu, 19 May 2016 10:31:02 +0100 (IST)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id EB637BDCC; Thu, 19 May 2016 10:31:01 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1463650262; bh=E3ewBJpmeWJC2S9d4v3Hd7/N3AJEHO+tbpBZevwjh9g=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=qgKHeErhIl1aYKQ+/K47wNdMV5aLTj4kzDWNsqCgtwoZQ2yogNvnqf9paP+BxzSjX g1Cf5DeeZ0BKceQHONcMRldjQqvx5Iu422rX17dvD9Y8M4l4xP6lGoSBqz7Qhb5ve6 HB/2w3Zd0ydXEehFTfstIK4/rpni+ljnpLLk3t74=
To: Tim Bruijnzeels <tim@ripe.net>, George Michaelson <ggm@algebras.org>
References: <20160518033754.24796.52937.idtracker@ietfa.amsl.com> <f1770d7b-7a16-6bab-91f7-dd6e41bb60ff@innovationslab.net> <35AEF9F7-FFAD-470B-9D0D-1D7BE7C7FE90@ripe.net> <d4872829-f267-2297-0abc-4820bbde07ed@innovationslab.net> <CAKr6gn2dekUfo6EAORAnOck=U-FoFsXreZ43KDT3X8SBRWG3HA@mail.gmail.com> <A50029AB-E12B-4945-8DB9-A4A0C937FE8C@ripe.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <573D87D5.2060609@cs.tcd.ie>
Date: Thu, 19 May 2016 10:31:01 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <A50029AB-E12B-4945-8DB9-A4A0C937FE8C@ripe.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms070703000309030300010501"
Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/GRSovVuEutO2z4XSOhhxDi1fZ9g>
Cc: "Sandra L. Murphy" <sandy@tislabs.com>, sidr chairs <sidr-chairs@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-sidr-rpsl-sig@ietf.org, "sidr@ietf.org" <sidr@ietf.org>
Subject: Re: [sidr] Terry Manderson's Discuss on draft-ietf-sidr-rpsl-sig-11: (with DISCUSS and COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 09:31:11 -0000


On 19/05/16 08:43, Tim Bruijnzeels wrote:
> Hi all,
> 
> Actually, yes, I agree with George on in-line.
> 
> In-line would have my preference. Include the entire EE certificate
> in the signature field. This way it does not need to be fetched
> separately, and it does not need to appear in a repository or a
> manifest. Mandate that the EE certificate is signed by CA certificate
> in the RPKI (i.e. no longer chain possible). The EE certificate
> should have an AIA and AKI that can then be easily referenced against
> known CA certificates that a validator found.

Were I designing that I'd have a separate new attribute that
could contain one or more certs and I'd say that if the c=
field/URI in the signature attribute is empty (or has some
specified value such as "inband") then that means "look
at the cert-bucket attribute in this file."

The cert-bucket would then be expected to contain a base64
encoded cert chain. Consumers of that attribute would have
to ensure that nothing in it affects the local trust point
store but can otherwise throw the lot into their cert path
processing engine.

Assuming that the signatures on these files aren't very
long-lived you can probably input the cert-bucket attribute
into the signature. If signatures commonly need to be ok
to verify even after certificate expiry (e.g. if a new
cert was issued for the same key pair in an update operation)
then you'd not want the cert-bucket in the signature maybe.

There're various non-compelling but goodish reasons to do it
that way. Maybe the best ones are around making it easy to
use existing tooling (openssl etc) for the verifier.

I'm not sure what benefit ensues from insisting that the EE
cert very strictly adhere to all ithe RPKI rules, but I
reckon you do want to be able to use the same PKI for sure.
So were it me, I'd try craft text saying "you're very likely
to want to use an RPKI CA for issuing the cert used to
verify the signature attribute so your code MUST support
doing that, but there can be other equally standard PKI
options too that are useful to support."

> 
> So in short: a validator can do its normal top-down validation for a
> TA. And to perform bottom-up validation of a signed RPSL object the
> process of validating the EE cert would be fairly simple -> find a CA
> cert with SKI matching the AKI of the EE, verify the signature of the
> EE (proof of possession), verify the CRL. Omitting the other checks
> here - would be good to specify this explicitly in the document, but
> for the discussion here seems excessive.

Yep.

Cheers,
S.

> 
> I think there was some discussion around this earlier and back then
> the thought was that we wouldn't want to make the RPSL objects
> bigger. However, I don't know if that should be a concern. The way I
> see it looking at our own whois implementation I imagine that this
> field could actually only be shown to RPs when they supply an
> additional flag, if size is a concern. And in our web UI (ad-hoc
> queries by humans) we would not show the signature field as is, but
> process it and highlight signed fields somehow.
> 
> Tim
> 
> 
>> On 19 May 2016, at 00:39, George Michaelson <ggm@algebras.org>
>> wrote:
>> 
>> I would rather the sigs were signed by ee certs which were in the 
>> blob, than have to make an external reference and I would rather
>> we varied the compliance needs to remove a pointless external ref.
>> 
>> If there has to be a ref, I think making it mandated to a specific 
>> scheme is over specifying, especially in a context where we might 
>> begin to understand *where you get cryptographic materials from is 
>> less important than proving who said them*.
>> 
>> Rsync is a bad fit. for the actual signing cert, Inline is better.
>> It can refer to whatever chain it likes.
>> 
>> -G
>> 
>> On Thu, May 19, 2016 at 1:02 AM, Brian Haberman 
>> <brian@innovationslab.net> wrote:
>>> Hi Tim,
>>> 
>>> On 5/18/16 10:32 AM, Tim Bruijnzeels wrote:
>>>> Hi,
>>>> 
>>>>> On 18 May 2016, at 15:08, Brian Haberman
>>>>> <brian@innovationslab.net> wrote:
>>>>> 
>>>>> Hi Terry,
>>>>> 
>>>>> On 5/17/16 11:37 PM, Terry Manderson wrote:
>>>>>> Terry Manderson has entered the following ballot position
>>>>>> for draft-ietf-sidr-rpsl-sig-11: Discuss
>>>>>> 
>>>>>> When responding, please keep the subject line intact and
>>>>>> reply to all email addresses included in the To and CC
>>>>>> lines. (Feel free to cut this introductory paragraph,
>>>>>> however.)
>>>>>> 
>>>>>> 
>>>>>> Please refer to 
>>>>>> https://www.ietf.org/iesg/statement/discuss-criteria.html
>>>>>> for more information about IESG DISCUSS and COMMENT
>>>>>> positions.
>>>>>> 
>>>>>> 
>>>>>> The document, along with other ballot positions, can be
>>>>>> found here:
>>>>>> https://datatracker.ietf.org/doc/draft-ietf-sidr-rpsl-sig/
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ----------------------------------------------------------------------
>>>>>>
>>>>>>
>>>
>>>>>> 
DISCUSS:
>>>>>> ----------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>>
>>>
>>>>>> 
Thank you for putting substantial effort into this document.
>>>>>> 
>>>>>> I have a few discusses. I hope they can be resolved
>>>>>> quickly.
>>>>>> 
>>>>>> In Section 2.1. The reference to the aligned certificate
>>>>>> which has the same private key that signed the RPSL object
>>>>>> is mandatory, and defined by a RSYNC URL or a HTTP(S) URL.
>>>>>> My question surrounds the "or". The architecture of RPKI
>>>>>> (IIRC) is centered around RSYNC, and thus SIA/AIA values
>>>>>> MUST have a RSYNC URL, and MAY have other types. By this
>>>>>> are you leaving it to the issuing party to control the RPKI
>>>>>> Distribution mechanisms of the Replying Party? I am quite
>>>>>> comfortable with "or" personally, however this facet of
>>>>>> fetching the RPSL Certificate to validate the private key
>>>>>> usage is seemingly orthogonal to the RPKI architecture of
>>>>>> RSYNC preferred and should be called out if 'or' is the
>>>>>> clear intention. Or, has the consensus of the WG moved on 
>>>>>> from being wedded to RSYNC?
>>>>> 
>>>>> I am not aware of the WG moving away from their rsync
>>>>> leanings...
>>>> 
>>>> My take on this: for the moment I would stick to rsync as it's 
>>>> required and EE certificates appearing in the rsync repository,
>>>> and leave out http(s).
>>>> 
>>> 
>>> If the consensus is to remove mention of an http(s) URI, I can
>>> live with that. The current state of affairs within the SIDR
>>> documentation is such that only an rsync URI will be feasible in
>>> the near future. I don't believe that the mention of an http(s)
>>> URI in this context affects that one way or the other.
>>> 
>>> Regards, Brian
>>> 
>>> 
>>> 
>>> _______________________________________________ sidr mailing
>>> list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
>>> 
>> 
>> _______________________________________________ sidr mailing list 
>> sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
>

v2.23.0 | Report a Bug | By Email