Re: [Sidrops] What should an RP do on different public key, same subject name?
Di Ma <madi@juicybun.cn> Tue, 08 February 2022 10:09 UTC
Return-Path: <madi@juicybun.cn>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 5BCCA3A0DE8
for <sidrops@ietfa.amsl.com>; Tue, 8 Feb 2022 02:09:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.821
X-Spam-Level:
X-Spam-Status: No, score=0.821 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, INVALID_MSGID=0.568,
KHOP_HELO_FCRDNS=0.399, MIME_BASE64_TEXT=1.741, SPF_NONE=0.001,
T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001]
autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id HWOtd5sCfJVi for <sidrops@ietfa.amsl.com>;
Tue, 8 Feb 2022 02:09:05 -0800 (PST)
Received: from smtpproxy21.qq.com (smtpbg702.qq.com [203.205.195.102])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 662BD3A09C0
for <sidrops@ietf.org>; Tue, 8 Feb 2022 02:09:04 -0800 (PST)
X-QQ-mid: bizesmtp34t1644314939t9em6d83
Received: from DESKTOP-FGBHRHD (unknown [202.173.9.210])
by bizesmtp.qq.com (ESMTP) with
id ; Tue, 08 Feb 2022 18:08:58 +0800 (CST)
X-QQ-SSF: 01100000002000D0V000B00A0000000
X-QQ-FEAT: XcJ1Se6WjenIr2+Jmx3BDh9juEr07rkRFfIBAvypuuHevYG3YQz2wr7l708g6
pNp+jVJfwaAI1hz9RvYcbqfGzI2RugczsdCjJ88acFH02UjA+ZJLK+sRt1rCeWnDCeNesrR
dXAEGAnDH+YyuFZBXOYbkkRiFVckws+MuKDcBeotTGB7Hhkt/+146QlrNeTwJREXb0Vuq4M
P4Onooo2W44PZ4fG9b3LD0rNSg19xbf0LGl0IRpuSqOYu5pSHjle0ty63pBLjPKAo6HYn69
KKx2OJj38TtPNB3mtVD7MfX31zApl9hE8fzYRzulr2tmquFeQCaUxCdw6vH15bSwFH8bval
skeNrlsDqGKD4P+Y9+X9qGGvIWmhg==
X-QQ-GoodBg: 0
Date: Tue, 8 Feb 2022 18:09:00 +0800
From: "Di Ma" <madi@juicybun.cn>
To: "Alberto Leiva" <ydahhrk@gmail.com>,
sidrops <sidrops@ietf.org>
References: <CAA0dE=Xpf5_G+KRzXEbPTojVUYYskepAOf_83anj_90+mQSQ=Q@mail.gmail.com>
X-Priority: 3
X-GUID: BCB30018-D68E-451A-90CD-440AC294CCF0
X-Has-Attach: no
X-Mailer: Foxmail 7.2.23.116[cn]
Mime-Version: 1.0
Message-ID: <202202081808595303458@juicybun.cn>+EF2B9598EC4EE51A
Content-Type: multipart/alternative;
boundary="----=_001_NextPart727432486318_=----"
X-QQ-SENDSIZE: 520
Feedback-ID: bizesmtp:juicybun.cn:qybgforeign:qybgforeign7
X-QQ-Bgrelay: 1
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/0Dp8_rHvvY-jRSTlCIqrHVTH-I4>
Subject: Re: [Sidrops] What should an RP do on different public key,
same subject name?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>,
<mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>,
<mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2022 10:09:09 -0000
Albeto,
Good catch of inconsistence of requiements on subject name of RPKI certificate.
As far as I am concerned, subject name of RPKI certificate is not used for identification, which is different from those in web PKI.
With this understanding, FYI, RPSTIR2 currently does not check the uniqueness of subject name neither.
Di
From: Alberto Leiva
Date: 2022-02-08 06:49
To: sidrops
Subject: [Sidrops] What should an RP do on different public key, same subject name?
Hi. I'm maintaining FORT, an RP implementation. I found a validation
FORT seems to be implementing incorrectly, and the RFCs are giving me
trouble. Can I have some advice?
RFC 6487:
> Each distinct subordinate CA and
> EE certified by the issuer MUST be identified using a subject name
> that is unique per issuer. In this context, 'distinct' is defined as
> an entity and a given public key.
Bit awkward for my taste. Removing some redundancy:
> Each distinct subordinate CA and EE certified by the issuer MUST have
> a unique subject name. In this context, 'distinct' is defined as an
> entity and a given public key.
Trimming fat:
> Each distinct child certified by the issuer MUST have a unique
> subject name. In this context, 'distinct' is defined as an entity and
> a given public key.
Translation:
> Sibling certificates MUST have different subject names. Among a
> parent's children, siblings are identified by their [entity, public
> key] tuple.
("Entity" is seemingly not defined by any relevant glossaries [if
you're going to update these documents at some point, might I suggest
this gets fixed], but from RFC 6484, we can surmise it means "INR
Holder.")
The requirement is kind of circular because an entity would normally
be identified by its parent certificate and subject name... right? How
else would an RPKI consumer identify the entity?
Educated guess:
> Sibling certificates MUST have different subject names. Among a
> parent's children, siblings are identified by their [parent, subject
> name, public key] tuple.
Given that we've established that we're talking about siblings, the
parent is always the same, so it becomes
> Sibling certificates MUST have different subject names. Among a
> parent's children, siblings are identified by their [subject name,
> public key] tuple.
Circular because of the double "subject name":
> Given two siblings, if their [subject name, public key] is different,
> then their subject names MUST also be different.
In other words, given sibling certificates A and B, subject names a
and b, public keys m and n, a != b and m != n, then
- If A = [a, m] and B = [a, m], then no constraints must be imposed. (A = B)
- If A = [a, m] and B = [a, n], then a != a. This makes no sense, and
is thus illegal.
- If A = [a, m] and B = [b, m], then a != b. Self-evident.
- If A = [a, m] and B = [b, n], then a != b. Self-evident.
So... assuming my several flights of fancy have so far been correct,
the requirement can be reduced to
> If two sibling certificates have different public keys, then they
> MUST have different subject names as well.
ie. this whole mess is just a reword of the (infinitely more
comfortably articulated) immediately following RFC 6487 sentence:
> An issuer SHOULD use a different subject name if the subject's key
> pair has changed (i.e., when the CA issues a certificate as part of
> re-keying the subject.)
Except... the two requirements are actually contradicting each other:
The former is defined as a MUST and the latter is a SHOULD.
------------------------------
Ok. That established, here's the point:
Would it be reasonable for an RP implementation to trim branches off
the tree if they violate the above rule?
The point of this rule is to prevent broken key rollovers... right? I
think? So, is a bad key rollover grounds to chop pieces off the
Internet?
Does this requirement exist to somehow simplify the work of RPs, or to
be enforced by RPs? Are RPs supposed to care?
I'm thinking about dumping a warning on syslog and keep going, but I'm
not sure there'd be a point to it.
(And which is it? MUST or SHOULD?)
Thanks in advance,
Alberto
_______________________________________________
Sidrops mailing list
Sidrops@ietf.org
https://www.ietf.org/mailman/listinfo/sidrops
- [Sidrops] What should an RP do on different publi… Alberto Leiva
- Re: [Sidrops] What should an RP do on different p… Di Ma
- Re: [Sidrops] What should an RP do on different p… Stephen Kent
- Re: [Sidrops] What should an RP do on different p… Alberto Leiva