Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-identity-00
Randy Bush <randy@psg.com> Tue, 11 May 2021 14:46 UTC
Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 194873A1A6E for <sidrops@ietfa.amsl.com>; Tue, 11 May 2021 07:46:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2LZHfDO-0j3P for <sidrops@ietfa.amsl.com>; Tue, 11 May 2021 07:46:51 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 143543A1A68 for <sidrops@ietf.org>; Tue, 11 May 2021 07:46:51 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1lgTep-0002eZ-Mu; Tue, 11 May 2021 14:46:48 +0000
Date: Tue, 11 May 2021 07:46:47 -0700
Message-ID: <m21raduy3s.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: George Michaelson <ggm@algebras.org>
Cc: SIDR Operations WG <sidrops@ietf.org>
In-Reply-To: <CAKr6gn18yGTrAiqPA2P+kc+JBt2Tf8D-G4Gf5WCnASm8vk1Fvg@mail.gmail.com>
References: <m2k0o6uqot.wl-randy@psg.com> <CAKr6gn3oCZBOP3L8AQWvH9Nk4fum-ycZCnHO_DUtgdx5M=z_+A@mail.gmail.com> <m2fsyuuofa.wl-randy@psg.com> <CAKr6gn18yGTrAiqPA2P+kc+JBt2Tf8D-G4Gf5WCnASm8vk1Fvg@mail.gmail.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.3 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/T2fa6zlzm7U7k_fNX91zAIGDGkU>
Subject: Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-identity-00
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 May 2021 14:47:04 -0000
this confuses me even further. perhaps less words would help. > holder of RPKI cert over 192.83.230.0/24 creates a nonce, and > communicates it OOB to cert holder in "iij has a corporate x.509-based > employee database" using their public key: this is private, only can > be decoded by private keyholder. > > the specific person, they sign "I saw nonce" with IIJ corp cert > private key. they hand it back to RPKI cert person. > > holder of RPKI cert validates: yep: under the IIJ TA they signed over > the nonce I gave them. This private key, it is the one I passed the > nonce to, no matter how indirect that happened, it wound up being a > chain from the nonce to the Private Key. If you care, you need to > communicate the nonce over some secure channel, but its out of band. > > You sent them a thing only the bPKI private key holder can decode, > they sent you back a reply only the bPKI private keyholder can encode. near as i can tell, this was three paragraphs describing a classic nonce exchange to demonstrate proof of possession of a private key (see, i can use important words too:). what am i missing? > you then sign over some other assertion, saying "I did a nonce check, > and this private key here, which IIJ says is employee X, they seem to > check out." with the INR you want to associate. eh what? "this private key here, which IIJ says is employee X?" there ain't no here here. no one has that *private* key except the iij employee. > Your RPKI sign, can only validate you control the INR. if you use > either RTA or RSC, you co-validate the hash of>some other assertion< > but only in X509 cryptographic sense: the hash is asserted to be > valid, under the constraint it was signed over by this specific RPKI > INR. You cannot validate the>applicability< of that hash, it lies > outside the RPKI validation model. a lot of words to say the INR holder can use hacks to sign some hash? a hash of what? > neither PKI has to breach its own validation policy. i suspect that A has to validate B certs up to B's TA which A got by magic. unless you want to add validation signaling; which i suggest that you not do. and how does A know that B has not taken some weird validation altering drug? but let's ignore that and assume we're in drug free normal X.509 world; sorry i could not resist. > They only ever apply to validate the property of "which INR is > associated with the specific assert being made here" for RPKI > validation and "which identity, outside of RPKI, is being asserted > here" for bPKI validation. dragging the bpki in confounds things even further. do you really mean the bpki used to assure the rpki left/right and up/down communication? > why did you trust the bPKI in the first place? You have a TA. Thats > what TA do: they tell you to trust things. This isn't an RPKI TA, its > a bPKI TA. I can imagine somebody is whispering PGP at this point. i thought i knew what an x.509 TA was. though this conversation could start to alter that assurance. >> what is the real world meaning of this? in few small words. what i was hoping for was something such as "this means randy from iij must be the owner of 192.83.230.0/24 and can say authorative things about it by showing you his iij identity badge." or "the owner of 192.83.230.0/24 can speak for randy from iij." but i do not see that you have made that leap; likely due to my being too easily confused. randy
- [Sidrops] draft-ietf-sidrops-rpki-has-no-identity… Randy Bush
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… George Michaelson
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Randy Bush
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… George Michaelson
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Russ Housley
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Tim Bruijnzeels
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Russ Housley
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Randy Bush
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Tim Bruijnzeels
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Randy Bush
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Tim Bruijnzeels
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Job Snijders
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Randy Bush
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Randy Bush
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… George Michaelson
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Russ Housley
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Randy Bush
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… George Michaelson
- Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-iden… Randy Bush