Re: [Sidrops] What should an RP do on different public key, same subject name?
Alberto Leiva <ydahhrk@gmail.com> Wed, 09 February 2022 19:45 UTC
Return-Path: <ydahhrk@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 7A9E43A0A29
for <sidrops@ietfa.amsl.com>; Wed, 9 Feb 2022 11:45:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id vWqmsyPT9vWM for <sidrops@ietfa.amsl.com>;
Wed, 9 Feb 2022 11:45:12 -0800 (PST)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com
[IPv6:2a00:1450:4864:20::12a])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id E6AA13A09AD
for <sidrops@ietf.org>; Wed, 9 Feb 2022 11:45:11 -0800 (PST)
Received: by mail-lf1-x12a.google.com with SMTP id f23so6248788lfe.5
for <sidrops@ietf.org>; Wed, 09 Feb 2022 11:45:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc:content-transfer-encoding;
bh=9VgylGyk7BN9BfxmajbLe7KgZl932AB8IJkwirQEgOQ=;
b=baZ+Fsu2zgn6y2MC4jDh5zdcT0Yz4FK9/IETk10V8I/aarRQkcjkmpfZrEG708WT7P
IpZWhjGOKj7mJQazhJKH7RyEKn986oHU8wszxKapWWAB8X3f3YcT88CSYPjpKV0SLAua
P4CRhRYDhsGySL4gbu8cy80yol1udNRZxzwVmUolrAgfxNx+VkqKyfFg4afBistgVbDA
+7N+WMXhIjgucrwXqq6/RfR/0HM4a5+whd37GaXjxOBFFi3YaVI7TJHpChZWQK5j0A4w
4/IB5LE+8SUKl6IPAVURk0xlBtSx4unsGVHdLcW4mUoF0jDMirnRZA03vFL7Wj/sJQoO
Y2DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc:content-transfer-encoding;
bh=9VgylGyk7BN9BfxmajbLe7KgZl932AB8IJkwirQEgOQ=;
b=AIxHyYMz/avXNCNst71YdeCU6+oDua0ifdIg7XB2bDPdESPYnmYog1wYNYg42o4+W6
HyKc0wfpEFfE+vVbz3ZqE7tDTEb9cazX2P2yYNnInYVnJ4YNSOPpTZdxxRYBsICfMUap
lJpgmEtY8JsjdiR4AzP+cJnG31GxUTt1vTMEitNoa8nODOcCkKQf2lgYJEc2Q4qeitAB
KJReneeXTuDIVhYCQJOv/fEU1D6UX+vJ69nC5pX9S96Bl873OL1Zofh2O9XqWAJ9qedr
HEM8+Du9drRUvHLWQvGn084dF1y3VifRBSAIu/gYshNR4mrJ6r4mIIzqgQhbACpD6ZMa
z/DQ==
X-Gm-Message-State: AOAM533mxiADoY0uaVvr7VQVM03gQuf0z/s5OmEfHi3OHkjnuq92QamK
3M5YejjzmDOJ3ugwLFCr/JrdLiSV4Xe1HmCR6i+qeO8Sz7A=
X-Google-Smtp-Source: ABdhPJyPBMT4ruJhbeMGPIKXOtBCDM5tBOuX93G5lgsFiB1lcSos1GCfNh9ourfRXJCVXZAeMM3j028giZX+FYdlGoc=
X-Received: by 2002:a05:6512:304d:: with SMTP id
b13mr2616923lfb.272.1644435908975;
Wed, 09 Feb 2022 11:45:08 -0800 (PST)
MIME-Version: 1.0
References: <CAA0dE=Xpf5_G+KRzXEbPTojVUYYskepAOf_83anj_90+mQSQ=Q@mail.gmail.com>
<202202081808595303458@juicybun.cn>
<33dc475d-f352-93e3-369e-9304359ca237@verizon.net>
In-Reply-To: <33dc475d-f352-93e3-369e-9304359ca237@verizon.net>
From: Alberto Leiva <ydahhrk@gmail.com>
Date: Wed, 9 Feb 2022 13:44:57 -0600
Message-ID: <CAA0dE=XD1-ZBdSsoHt_u+6K5cTWM1wAeM9ZQr2Z=_rriV6Gw_A@mail.gmail.com>
To: Stephen Kent <stephen.kent=40verizon.net@dmarc.ietf.org>
Cc: sidrops@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/Dqy9dCSWaF2ZVBCsGRlOBjLJSKg>
Subject: Re: [Sidrops] What should an RP do on different public key,
same subject name?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>,
<mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>,
<mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Feb 2022 19:45:15 -0000
Ok. Thank you both, very much. On Tue, Feb 8, 2022 at 12:20 PM Stephen Kent <stephen.kent=40verizon.net@dmarc.ietf.org> wrote: > > Let me provide some context and further explanation. > > The requirement that a Subject name be unique on a per-CA basis is intrinsic to X.509, modulo re-keying of the Subject, i.e., a Subject can acquire a new key pair and keep the same Subject name under the same CA. If this requirement were not met there would be obvious, adverse security issues. This is what is mandated by X.509 and by IETF PKI standards. > > In general purpose PKis this requirement cannot be verified by RPs, since an RP is not expected to retrieve and verify all certs issued by a CA. In the RPKI every RP is expected to retrieve all certs issued by a CA, but I don't recall an explicit requirement that an RP check for Subject name uniqueness, per se. > > RFC 6487, Section 4.5 says that during re-keying a CA SHOULD change the Subject name (to preserve uniqueness). I agree that this SHOULD (vs. a MUST) creates confusion. I would prefer a MUST here, but I guess Geoff had some reason to allow a CA to not always follow the guidance. It could cause confusion for an RP that encountered two CA certs with the same Subject name but different keys, hence the admonition to change Subject names during re-key. Because 6487 allows for an exception to this general rule, the text you cited later in Section 4.5 qualifies uniqueness to include both Subject name and public key. I agree that this discussion, all within one paragraph, is confusing. > > Steve > > > > Good catch of inconsistence of requiements on subject name of RPKI certificate. > > As far as I am concerned, subject name of RPKI certificate is not used for identification, which is different from those in web PKI. > > With this understanding, FYI, RPSTIR2 currently does not check the uniqueness of subject name neither. > > Di > > > From: Alberto Leiva > Date: 2022-02-08 06:49 > To: sidrops > Subject: [Sidrops] What should an RP do on different public key, same subject name? > Hi. I'm maintaining FORT, an RP implementation. I found a validation > FORT seems to be implementing incorrectly, and the RFCs are giving me > trouble. Can I have some advice? > > RFC 6487: > > > Each distinct subordinate CA and > > EE certified by the issuer MUST be identified using a subject name > > that is unique per issuer. In this context, 'distinct' is defined as > > an entity and a given public key. > > Bit awkward for my taste. Removing some redundancy: > > > Each distinct subordinate CA and EE certified by the issuer MUST have > > a unique subject name. In this context, 'distinct' is defined as an > > entity and a given public key. > > Trimming fat: > > > Each distinct child certified by the issuer MUST have a unique > > subject name. In this context, 'distinct' is defined as an entity and > > a given public key. > > Translation: > > > Sibling certificates MUST have different subject names. Among a > > parent's children, siblings are identified by their [entity, public > > key] tuple. > > ("Entity" is seemingly not defined by any relevant glossaries [if > you're going to update these documents at some point, might I suggest > this gets fixed], but from RFC 6484, we can surmise it means "INR > Holder.") > > The requirement is kind of circular because an entity would normally > be identified by its parent certificate and subject name... right? How > else would an RPKI consumer identify the entity? > > Educated guess: > > > Sibling certificates MUST have different subject names. Among a > > parent's children, siblings are identified by their [parent, subject > > name, public key] tuple. > > Given that we've established that we're talking about siblings, the > parent is always the same, so it becomes > > > Sibling certificates MUST have different subject names. Among a > > parent's children, siblings are identified by their [subject name, > > public key] tuple. > > Circular because of the double "subject name": > > > Given two siblings, if their [subject name, public key] is different, > > then their subject names MUST also be different. > > In other words, given sibling certificates A and B, subject names a > and b, public keys m and n, a != b and m != n, then > > - If A = [a, m] and B = [a, m], then no constraints must be imposed. (A = B) > - If A = [a, m] and B = [a, n], then a != a. This makes no sense, and > is thus illegal. > - If A = [a, m] and B = [b, m], then a != b. Self-evident. > - If A = [a, m] and B = [b, n], then a != b. Self-evident. > > So... assuming my several flights of fancy have so far been correct, > the requirement can be reduced to > > > If two sibling certificates have different public keys, then they > > MUST have different subject names as well. > > ie. this whole mess is just a reword of the (infinitely more > comfortably articulated) immediately following RFC 6487 sentence: > > > An issuer SHOULD use a different subject name if the subject's key > > pair has changed (i.e., when the CA issues a certificate as part of > > re-keying the subject.) > > Except... the two requirements are actually contradicting each other: > The former is defined as a MUST and the latter is a SHOULD. > > ------------------------------ > > Ok. That established, here's the point: > > Would it be reasonable for an RP implementation to trim branches off > the tree if they violate the above rule? > The point of this rule is to prevent broken key rollovers... right? I > think? So, is a bad key rollover grounds to chop pieces off the > Internet? > Does this requirement exist to somehow simplify the work of RPs, or to > be enforced by RPs? Are RPs supposed to care? > > I'm thinking about dumping a warning on syslog and keep going, but I'm > not sure there'd be a point to it. > > (And which is it? MUST or SHOULD?) > > Thanks in advance, > Alberto > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > > > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops > > > _______________________________________________ > Sidrops mailing list > Sidrops@ietf.org > https://www.ietf.org/mailman/listinfo/sidrops
- [Sidrops] What should an RP do on different publi… Alberto Leiva
- Re: [Sidrops] What should an RP do on different p… Di Ma
- Re: [Sidrops] What should an RP do on different p… Stephen Kent
- Re: [Sidrops] What should an RP do on different p… Alberto Leiva