Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-identity-00

[Randy Bush <randy@psg.com>]

this confuses me even further.  perhaps less words would help.

> holder of RPKI cert over 192.83.230.0/24 creates a nonce, and
> communicates it OOB to cert holder in "iij has a corporate x.509-based
> employee database" using their public key: this is private, only can
> be decoded by private keyholder.
> 
> the specific person, they sign "I saw nonce" with IIJ corp cert
> private key. they hand it back to RPKI cert person.
> 
> holder of RPKI cert validates: yep: under the IIJ TA they signed over
> the nonce I gave them. This private key, it is the one I passed the
> nonce to, no matter how indirect that happened, it wound up being a
> chain from the nonce to the Private Key. If you care, you need to
> communicate the nonce over some secure channel, but its out of band.
> 
> You sent them a thing only the bPKI private key holder can decode,
> they sent you back a reply only the bPKI private keyholder can encode.

near as i can tell, this was three paragraphs describing a classic nonce
exchange to demonstrate proof of possession of a private key (see, i can
use important words too:).  what am i missing?

> you then sign over some other assertion, saying "I did a nonce check,
> and this private key here, which IIJ says is employee X, they seem to
> check out." with the INR you want to associate.

eh what?  "this private key here, which IIJ says is employee X?"  there
ain't no here here.  no one has that *private* key except the iij
employee.

> Your RPKI sign, can only validate you control the INR. if you use
> either RTA or RSC, you co-validate the hash of>some other assertion<
> but only in X509 cryptographic sense: the hash is asserted to be
> valid, under the constraint it was signed over by this specific RPKI
> INR. You cannot validate the>applicability< of that hash, it lies
> outside the RPKI validation model.

a lot of words to say the INR holder can use hacks to sign some hash?
a hash of what?

> neither PKI has to breach its own validation policy.

i suspect that A has to validate B certs up to B's TA which A got by
magic.  unless you want to add validation signaling; which i suggest
that you not do.  and how does A know that B has not taken some weird
validation altering drug?  but let's ignore that and assume we're in
drug free normal X.509 world; sorry i could not resist.

> They only ever apply to validate the property of "which INR is
> associated with the specific assert being made here" for RPKI
> validation and "which identity, outside of RPKI, is being asserted
> here" for bPKI validation.

dragging the bpki in confounds things even further.  do you really mean
the bpki used to assure the rpki left/right and up/down communication?

> why did you trust the bPKI in the first place? You have a TA. Thats
> what TA do: they tell you to trust things. This isn't an RPKI TA, its
> a bPKI TA. I can imagine somebody is whispering PGP at this point.

i thought i knew what an x.509 TA was.  though this conversation could
start to alter that assurance.

>> what is the real world meaning of this?  in few small words.

what i was hoping for was something such as "this means randy from iij
must be the owner of 192.83.230.0/24 and can say authorative things
about it by showing you his iij identity badge."  or "the owner of
192.83.230.0/24 can speak for randy from iij."

but i do not see that you have made that leap; likely due to my being
too easily confused.

randy