Re: [sidr] RPKI <-> allocation consistency

[Eric Osterweil <eosterweil@verisign.com>]

Thanks Steve, this is very helpful!

However, I was also referring to the consistency model as viewed by the RPs.  I think this wasn't clear in my email, sorry.  Clearly the structure served by CAs (which you outlined below) is a critical first step.  To that point, I think I mentioned some of this in a follow-on email to this thread.  However, I think the consistency model of the RPs (i.e. will they all have the same view/time ordered view/partial view/etc. of these certs) is an important consideration too, right?

Eric

On Aug 25, 2012, at 5:19 AM, Stephen Kent wrote:

> Eric,
> 
> The short answer to your question is that each CA is supposed to ensure that the certs it issues match its allocation database. This applies to both cert issuance and cert revocation. A quick look at the RPKI RFCs provides a few examples of statements about the RPKI consistency model.
> 
> Steve
> -----
> 
> RFC 6487 (Certificate Profile)
>  
> Intro:
>  
>    Resource certificates are to be used in a manner that is consistent
>    with the RPKI Certificate Policy (CP) [RFC6484].  They are issued by
>    entities that assign and/or allocate public INRs, and thus the RPKI
>    is aligned with the public INR distribution function.
>  
>    The specific goal for the associated RPKI is to precisely match the INR
>    allocation structure through an aligned certificate structure
>    that describes the allocation and its context within the INR
>    distribution hierarchy.
>  
>  
>  
>  
> RFC 6484 (RPKI CP)
>  
> Overview
>  
>  
>    This PKI is designed to support validation of claims by current
>    holders of INRs, in accordance with the records of the organizations
>    that act as Certification Authorities (CAs) in this PKI.
>  
>  
> Section 3.3.2.  Identification and Authentication for Re-Key after Revocation
>  
>    Each CA operating within the context of this PKI MUST employ
>    procedures to ensure that each certificate it issues accurately
>    reflects its records with regard to the organization to which the CA
>    has distributed the INRs identified in the certificate.  The specific
>    procedures employed for this purpose MUST be described by the CPS for
>    each CA.
>  
>  
> Section 3.4.  Identification and Authentication for Revocation Request
>  
>    Each CA operating within the context of this PKI MUST employ
>    procedures to ensure that:
>  
>    o  an organization requesting revocation is the legitimate holder of
>       the certificate to be revoked.
>  
>    o  each certificate it revokes accurately reflects its records with
>       regard to the organization to which the CA has distributed the
>       INRs identified in the certificate.
>  
> Section 4.2.2.  Approval or Rejection of Certificate Applications
>  
>    Certificate applications MUST be approved based on the normal
>    business practices of the entity operating the CA, based on the CA's
>    records of INR holders.
> 
> 
>> Indeed, I vaguely recall some conversations (on the list?) about the specific consistency model that the RPKI is trying to achieve.  I wasn't able to unearth the thread, but what was the conclusion?  That is, what is the consistency model that the RPKI design team is striving for?
>> 
>> Thanks,
>> 
>> Eric
>> 
>> 
>