Re: [sidr] WGLC for draft-ietf-sidr-rpsl-sig-05.txt

Terry Manderson <terry.manderson@icann.org> Fri, 25 May 2012 01:35 UTC

Return-Path: <terry.manderson@icann.org>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAECC11E8080 for <sidr@ietfa.amsl.com>; Thu, 24 May 2012 18:35:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bvfQGODfL0ro for <sidr@ietfa.amsl.com>; Thu, 24 May 2012 18:35:27 -0700 (PDT)
Received: from EXPFE100-1.exc.icann.org (expfe100-1.exc.icann.org [64.78.22.236]) by ietfa.amsl.com (Postfix) with ESMTP id 5053221F845D for <sidr@ietf.org>; Thu, 24 May 2012 18:35:27 -0700 (PDT)
Received: from EXVPMBX100-1.exc.icann.org ([64.78.22.232]) by EXPFE100-1.exc.icann.org ([64.78.22.236]) with mapi; Thu, 24 May 2012 18:35:10 -0700
From: Terry Manderson <terry.manderson@icann.org>
To: "Murphy, Sandra" <Sandra.Murphy@sparta.com>, "sidr@ietf.org" <sidr@ietf.org>
Date: Thu, 24 May 2012 18:35:08 -0700
Thread-Topic: [sidr] WGLC for draft-ietf-sidr-rpsl-sig-05.txt
Thread-Index: Ac06Aa7Kr7T1RdCRRuOxqeSeKadtDgAFO9TD
Message-ID: <CBE51EEC.2610F%terry.manderson@icann.org>
In-Reply-To: <24B20D14B2CD29478C8D5D6E9CBB29F625F109D5@Hermes.columbia.ads.sparta.com>
Accept-Language: en-US
Content-Language: en
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="B_3420790508_16603591"
MIME-Version: 1.0
Cc: "draft-ietf-sidr-rpsl-sig@tools.ietf.org" <draft-ietf-sidr-rpsl-sig@tools.ietf.org>
Subject: Re: [sidr] WGLC for draft-ietf-sidr-rpsl-sig-05.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2012 01:35:28 -0000

These are my comments on the draft draft-ietf-sidr-rpsl-sig-05

In the Introduction (Para 3) it says:

" A maintainer of such signed database objects MUST possess a relevant
resource certificate which shows him/her as the legitimate holder of an
Internet number resource"

I'm afraid I'm confused on how you make the jump to saying a maintainer of
RPSL objects has a resource certificate which lists the resources 'shows
him/her as the legitimate holder.' There is no identity information in the
resource certificate.

Further (and in the Abstract) says " are done by the legitimate holder(s) of
the internet resources". I think this is misaligned. Many legitimate
resource holders (that aren't in the ISP game) outsource their routing
'stuff' and would probably palm off the creation of resource certs to
someone else who might then hold the private key - so I would argue that the
more correct approach here, is to say that:

"modifications of such database objects are authorized by the holder(s) of
the private key for the resource certificate that encompasses the the
Internet resources mentioned in those objects."

The second last sentence clarifies somewhat, but my point is that I don't
see that the maintainer::Resource Holder::Private Key Holder is a simple
straight line. (and I note that the mntner object has no additional
handling, so in a way the mntner and the private key and resource cert in
the 'signature:' attribute can be quite unrelated except for some IRR
process to assert some relationship, somehow. Is/was there any discussion on
why the mntner asserts no awareness of a signature or relevant published
rescerts that may come into play over the objects it is responsible for?)

Section 2.1, The new attribute signature looks to update RPSL (RFC2622)
shouldn't a 'updates' in the RFC header?

section 2.2, nit.  "Allowing the maintainer an object to select the
   attributes that are covered by the digital signature achieves the
   goals established in Section 1."

missing "of", should be:

   "Allowing the maintainer of an object to select the
   attributes that are covered by the digital signature achieves the
   goals established in Section 1."

In Signature Creation (3.2) I would like to see a pointer to section 4. You
have gone to the effort to provide a sensible list of the attributes in RPSL
objects to sign over (which I like!), might as well highlight this to the
reader in section 3 and also in the intro and abstract. For me this is an
important piece.

I think the security considerations section needs work. Your rightly point
out that confidentiality (as a public object) is not a concern. I would like
the "integrity of the RPSL object" reworded so that you are actually talking
about the attributes (section 4) of the RPSL object which are signed over.

There are no words about availability. I think it needs to be highlighted
that signing the objects still does not guarantee any level availability or
end to end integrity. It's whois. :-) Any object can be modified in transit
(MiTM) to drop the signature attribute and modify the RPSL contents should
an attacker wish to.

Can you provide a set of actual examples in an appendix? I am most
interested in seeing an example with the optional references to other
parties certificates field 'o'. and additional signatures. (section 2.1,
second number '2' bullet)

For the most part I have no strong objections to this document moving
forward.

Cheers
Terry

On 25/05/12 9:06 AM, "Murphy, Sandra" <Sandra.Murphy@sparta.com> wrote:

> The authors have stated that they believe that draft-ietf-sidr-rpsl-sig-05
> "Securing RPSL Objects with RPKI Signatures" is ready for a working group last
> call.
> 
> The draft can be accessed at
> http://tools.ietf.org/html/draft-ietf-sidr-rpsl-sig-05 and
> https://datatracker.ietf.org/doc/draft-ietf-sidr-rpsl-sig/
> 
> This announces the beginning of the wglc.  The last call will end on Friday,
> 08 Jun 2012.
> 
> Please judge whether you believe that this work is ready for publication and
> send any comments to the list.
> 
> --Sandy, speaking as wg co-chair
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr