Re: [sidr] WGLC: draft-ietf-sidr-rtr-keying - finishes - 10/16/2017 - Oct 16, 2017

Sean Turner <> Mon, 16 October 2017 02:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EDBF2133343 for <>; Sun, 15 Oct 2017 19:08:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IR_eSbXFv10o for <>; Sun, 15 Oct 2017 19:08:46 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BE123133341 for <>; Sun, 15 Oct 2017 19:08:44 -0700 (PDT)
Received: by with SMTP id d67so11119178qkg.5 for <>; Sun, 15 Oct 2017 19:08:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=vJsUVuqqKqP+OCQRtsRW7obvbSq041mLiRnid0HMW4I=; b=f3oTKnhSZKTZik6oUi3RB3vNK5XV04c4E0KSfPURnh017WzsjDDSqLXUdJPja0J5L+ kBmDwm84pWBUxuEORXWf0XAXqIdFBVPxoZWFHKmHg4IFs0q61XeHbiTFLn4F1so2uNAL P19rhamTRqpl/sMEjtRi5x8HJN9G2UjxPNMk0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=vJsUVuqqKqP+OCQRtsRW7obvbSq041mLiRnid0HMW4I=; b=nM99UcudriCedhuC/qugsq8li3OMpLLL2LZ3zCjddVfZK1//W9Ry1Rq6VEihqkUB8A RqPbdjQOOWGUkBYwaSWjqlcyPGDNLE+UUwGcAFOpwru7pbvCfi4fRoqJZL5sKsxx5QZc 4w6rQ2/NP/oM9eANfAiEPghWNKyVVRafnZDAj7UZLoj0uagTtp9KquK5N2qyTj4//bQG zcGKjGdYJCYy9pFyCyFUSc8Y6KSAYAUqmEpWOZ0ItXTTB/EAojeof9v9xfDIVjby77sT WRT8WD9LwZWGZG4O2iP9ny3p3q68y8J6EM9ShLvEth/z3uE6deuhfn+ojGVpM3PSnIkK /Q8g==
X-Gm-Message-State: AMCzsaXOxf6cHuBYwxTEwh2c+R1AEPN51ePZK0CB8aDKjBd8q6cHnCUo v77Ww5LxXSTpH2pIXDn71LKIiA==
X-Google-Smtp-Source: ABhQp+QUdQL9xU3ptvlHJBmFEnw+C4e4/Wxw/JeBgjVQXwcxmTQTdcYxvOzXLz/8Eeku6ZFHB/HCeQ==
X-Received: by with SMTP id c81mr10661705qke.43.1508119723786; Sun, 15 Oct 2017 19:08:43 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id c52sm4258122qtc.24.2017. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Oct 2017 19:08:42 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Sean Turner <>
In-Reply-To: <>
Date: Sun, 15 Oct 2017 22:08:40 -0400
Cc: Christopher Morrow <>, "" <>, "" <>, "" <>, "" <>, "Sriram, Kotikalapudi (Fed)" <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <>
To: "Borchert, Oliver (Fed)" <>
X-Mailer: Apple Mail (2.3273)
Archived-At: <>
Subject: Re: [sidr] WGLC: draft-ietf-sidr-rtr-keying - finishes - 10/16/2017 - Oct 16, 2017
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 16 Oct 2017 02:08:48 -0000

Just going to run through them in order but grouping some together.


  In the operator-driven method, the operator generates the private/
  public key-pair and sends it to the router, perhaps in a PKCS#8

[ob] "perhaps" As implementer, this is somewhat confusing.

   package [RFC5958].

[spt] sure I changed “perhaps” to "e.g.” ;)


  In the router-driven method, the router generates its own public/
  private key-pair.

[ob] End the sentence here

[ob] -------- The paragraph below contains too much detail for the introduction

[spt] The introduction just kind of kept growing.  And, I think somebody asked for concrete references somewhere along the way.  The references are   elsewhere in the document so maybe we can drop the super technical bits from the intro If we’re going to change this sentence to make it that short I’ll likely that the e.g., bit out of the previous paragraph.

2) update references

[spt] Yep - and done

3) s3 Intro

[ob] Maybe more than one sentences make it clearer. Not easy to
[ob] understand.

[spt] it is kind of a mouthful, how about:

  A number of options exist for the operator management
  station to exchange PKI-related information with routers
  and with the RPKI including:

  - Use application/pkcs10 media type [RFC5967]  to
    extract certificate requests and application/pkcs7-mime
    [RFC5751] to return the issued certificate

  - Use FTP or HTTP per [RFC2585], or

  - Use the Enrollment over Secure Transport (EST) protocol
    per [RFC7030].

4) router burden in s4, s6 (now s7), and s7, etc

   To start, the operator uses the communication channel to
   install the appropriate RPKI Trust Anchor' Certificate (TA Cert)
   in the router. This will later enable the router to validate the
   router certificate returned in the PKCS#7.

[ob] Section 8.1 specifies that the operator is responsible to assure
[ob] that the router has valid keys. Therefore, it is not clear why this
[ob] above paragraph necessary.
[ob] Maybe the above paragraph could be a feature of the “Advanced
[ob] Deployment [ob] Scenarios” in section 7


[ob] This is again back to trust. The operator should verify the
[ob] certificate, not the router.The operator MUST verify the
[ob] certificate prior publishing it. This is outside of the scope of the
[ob] router.

[spt] I agree with your point that it’s up to the operator to ensure the router’s keys are valid.  But, operators are humans and they make mistakes.

[spt] While s8.1 does include text stating that the operator is responsible to ensure valid keys are used, it’s in s8.1 much later in the document.  We placed this here to avoid a back pointer.

[spt] WRT burdening the router with verifying the private key corresponds to the returned public key: You’re right it’s the operator’s job, but operator’s make mistakes.  If the router also checks that the private key corresponds to the returned public key, it’s goodness all around.

6) Comments on restructuring s5-7.

[spt] Some of this I think might make sense, but not all of it ;)

7) s5

[spt] In the choose your own adventure of s5, I’d prefer to the leave the AS inclusion text in sub-sections.  Sure it’s repeated twice, but then each section is self-contained.

[spt] The 2nd para in s5.1 is there to address some comment we got long ago.  I’d like to leave the text, but add “NOTE:” in the front of it so people get that something has to happen for the RPKI to authenitcate the router.

8) new s7

[spt] I’m not sure why we’d move the paragraph that talks about checking the sig on the PKCS#8 and Certificate to s5.2.1.  The certificate isn’t yet in the picture yet so to me it seems to fit best where it is.

9) s7 (now s8)

[spt] We can’t move it to an informative appendix because s7 was a grand compromise between Max and the authors.  He assertion is that the manual process is weak security and it really ought to be more automated.

[spt] WRT “More PKI-capable router” there’s no really a reference.  It’s really just that the router supports some of the things listed in the remainder of the paragraph.  But, the basic idea is that the operator won’t be messing with the CLI.

[ob] How is this with RouterID 0 for shared keys within an AS? Could this
[ob] cause conflicts? Same for multiple keys for same router with
[ob] RouterID?

[spt] I’m trying to figure out whether this comment just applies to the advanced scenarios or more generally?

[spt] Here’s how I see it: Operator has two routers each with IEEE 802.1 AR certificates.  They communicate the subject names (and maybe the public keys) from the AR certificates to the CA.  The CA then accepts requests from these two routers and no others.  If the operator tells the CA to give them the same AS number it does if not it doesn’t.  Makes sense?

10) s8 (now s9)

[spt] I’m okay with the re-write of the intro, but I kind of want to keep the part about it being the operator’s responsibility to maintain the key for their entire lifetime.

[spt] WRT another ops RFC reference are thinking about something like ghostbusters?  Other than that I’m not sure what else we’d refer to.

[spt] I’m happy to point to the keyroll over spec.

[spt] re mentioning BG4 fallback isn't that kind of implied with disabling BGPsec?  I mean guess not, but would love for you to propose some text ;)


> On Oct 12, 2017, at 17:43, Borchert, Oliver (Fed) <> wrote:
> Hi,
> I  believe this draft is important. Said that, I also believe that it needs some more work before it is ready to advance to IESG review.
> Sriram and I were reading the draft carefully and after some discussion, I added our findings into the document itself.
> For easier reading, I added the comments as attachment in pdf form.
> The main issues we identified were in sections 5, 6, and 8 of the document.
> The sections 5 and 6 are not easy to understand and the flow is somewhat confusing. We propose to restructure the sections 5 and 6 into three sections,  each section having a well-defined outcome.
> This makes it easier for an implementer to understand what to do and what is expected.
> Also in section 8, we identified some overlapping with draft-ietf-sidrops-bgpsec-rollover-02. We propose some changes and references to mitigate the overlaps.
> Once our concerns are addressed, we believe that the document should advance to IESG.
> We are willing to help out in any capacity,
> Thanks,
> Oliver
> From: sidr [] On Behalf Of Christopher Morrow
> Sent: Monday, October 02, 2017 11:14 PM
> To:;;
> Subject: [sidr] WGLC: draft-ietf-sidr-rtr-keying - finishes - 10/16/2017 - Oct 16, 2017
> WG Folk,
> I thought I had sent this note our previously, but... better late then never sent:
> Please consider this the WGLC for:
> Abstract:
>   "BGPsec-speaking routers are provisioned with private keys in order to
>    sign BGPsec announcements.  The corresponding public keys are
>    published in the global Resource Public Key Infrastructure, enabling
>    verification of BGPsec messages.  This document describes two methods
>    of generating the public-private key-pairs: router-driven and
>    operator-driven."
> Please send along comments/complaints/issues/kudos (to the authors), to the list and I'll see you all in ~14 or so days.
> Thanks!
> -chris
> co-chair
> <Review-v3-Router-Keying-for-BGPsec.pdf>