Re: [Sidrops] What should an RP do on different public key, same subject name?
Stephen Kent <stephen.kent@verizon.net> Tue, 08 February 2022 18:19 UTC
Return-Path: <stkent@verizon.net>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 03F673A0A53
for <sidrops@ietfa.amsl.com>; Tue, 8 Feb 2022 10:19:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.803
X-Spam-Level:
X-Spam-Status: No, score=-2.803 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
NICE_REPLY_A=-0.714, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=verizon.net
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id h85FdGZT5bC5 for <sidrops@ietfa.amsl.com>;
Tue, 8 Feb 2022 10:19:33 -0800 (PST)
Received: from sonic301-32.consmr.mail.ne1.yahoo.com
(sonic301-32.consmr.mail.ne1.yahoo.com [66.163.184.201])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 27FE53A0E7E
for <sidrops@ietf.org>; Tue, 8 Feb 2022 10:19:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verizon.net; s=a2048;
t=1644344369; bh=RkmRq2491uZoPr/v8NTOB1Yyh0FqCLFacIYTtfPiDxI=;
h=Date:From:Subject:To:References:In-Reply-To:From:Subject:Reply-To;
b=bqO4YGHqngwdzRcZGasOnbYXvsljNYI5mURmWbPn/90qyyOzKyr3V7r4Znf2kHceuqwiI0y46DiEvGcsv/i0VemcXlzSSvyKKWrfPWP1kkoU4U/i62mzDjzfzt8E5WrAAZrZZnZD0JAIFCxYScx9UiRjvFF0xRDvQTChXOOw+H/wxKyDS16+m0nFWiYXJQTko0ygWHpMNlooTPuppFa/Jk8KZb0ECwSnOeQcaOGVEU0sgmQXxUlUwbVYZbBwn0WdfjkYfZAeHqAidKUNxCVsBlN4HLZ9ZDLpKuRiy1iZiOkgx+AhIrxbLejaoghZFtvfcy+Iba/yzcieFvRbmqCObA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
t=1644344369;
bh=tUBdWZeYZSsOzsI8cZGmcxvrGjgnHSYc7yIpH/G1Flv=;
h=X-Sonic-MF:Date:From:Subject:To:From:Subject;
b=VS99pE9ltEmFi/Pj7ygiOzMsH/+WTmwDUlOS0Pfv+PRc3Spn6dYaDSDsl7StX8pMRCv2WfusQ1g1U5sZo4KHu+g9OThO/fl152P3dEMZ4xI6P4Ts6fKpmuW2wNSNw4fxvDqMXsOl9mOA3QvnbuZctTTsWdXV7wLYj3LDYpfjifv7l39QneEoOzTyTspSmC3VOFQ/WjVrf6ALwOkiKnSf+M1oW6mw43DTHcFVcHANdiYkyl4ikIoRkG2OAtyVcLiyT+gjZRy9DxGKNZ6S3niLo018ufp/ZqK9RacdjnxRVqSTihCj5+KG314jRw9LGsgZ3FMQw1Tku81PRn1UsJGS+g==
X-YMail-OSG: tY0selAVM1mnnkU4S2dqozDBTfWvskhFHkc7Ic_ftDs8xU8XehDURWmhyvKBA6M
vwtRgJ88qFW.i_8_S3pB9tY46d2aGDd7moBiPv6kfx7h3lo6pjplXv8tmFkbY5yvP9W8yPeY__AZ
7kkKEARZBxxTEdqsr7zQ8V4ULH_tGFrsKgBmQrccisYtmBg7b5V3fgr4FSbwnuHH1YZ7sq2B19IC
HtK5ZrEhCi0DoHHhkVqVx8X8jkNaaHKYrJ.VD3lefW3z29CUpPYG1Zx.zGXRhF3.D6z8un5XvmsQ
.DkWts1esFpsxvG.x280ocw15QOhvhVW4etMXS7uf7IeDQl6nW94l5aCr4nP13U9vYdklLT398Uh
g0qdomaw0xsEjkMyYjAdAimLfv.UJyxFuAKfUHfWve6ZMU91BOqQ75ucdYWSeFo5Bynd3t8.wunU
2CYzTNKt9iJPVjOq8a1ycZdy14_iPfmZecZrxsJzLUHN_xmDbE8Dxi1yvzyYGNqKhgd9Fs0cl6Jz
D.Vi4ykyMhhQptjAWDldhoIPs5kp5vBe_Z.xMP34PfPIAk_S3sqtr8DeHpSaVMmOVBv6U2fv8UPr
JgApGSFoUwMMK53f2XFeYJnl_QAXuzv6yfqL1xb0iJPw9Tr70o_SP6dUdeq_e5.PFL0ru0Bp_Yz6
SvM5UDbY1GUuNqCP.i0_pNQaImkBu_NLJ1l8EjmzdOmeXaMJ_3iOVcOWsPh72yrDYUOwLCS.AwJn
MkhifqXyL4YYWkXcMBGdhWmc2hKKj6uKIfIz8fRouevEcfwh_XICt5Wrqgm.ulhQITWHywibnvkw
3t7lHiH8x_17Q4WhcQuvwW4FsR7N1eUnlvfzgHIA7nmmxiKqdicpGR9awOuKVSq2vyuvQgIqY.U1
Ntk1HdemYqa7_mJVSEj3RzudaI_Xj2cfw.gjYzEjn6HGPsIPuz4UIsX6zNjzCUOPPEPivjsh9ljI
ohJXyNyCI0YuZjN.bJJHeG3FqBdFG8kaIpZERGdvLhpM4T6_DS9v66Ujdd95O3LmP44trGNlk28E
_U7PTdU9zeUO_t49X9_PQ..Gj7a8viK8EniLHpT_WtZ_D9ZY1DPaR_.bpgaOfas3wiQF6Bqv8PG6
FTKFL50OZcnnvImTYEiEpaTC7MlsELgrKYwg.q2SZfhjdNryvRUDL_14ZXKAc3C9i4gETU_EEBsC
VLmenCZPpnxEH98gRkOS2YUQV1qiWO5ZbOhOaX2VCE.sB3X1AgNcN4sAfFq0nPOepGmRYIM1GYI2
JgSyy6Zm_njmLK5B2pOrCvEUa0tEY7Thw4EBXe4QV2k0vHKLPKg5LKgJcBRl7bLMkfQDR.c.xhhl
j8_I1AswoZOAaZvkn89T1Htymd8LSW8WTjp.Qga.DzRAjm_S9n73RvEShuJ1Ig2BVvtjwSp4Y0ix
zlXVc0OYibIXz6lTuC7CijAzTQ93AqjqKUt8U0_P4RKoPe5HnXVewyep23MBjKxWvsDoOB6OtKtE
OTmBIknB2JKDLy7LyAR6OEjcsk6dFfMZHX6H45_egKHutrPV2CGepaHbbvGtGDLDm9v7MZFgaUcd
x6kdnA7PaiL_nT4wV946BxrVUghdYSzHbLiHnfioe1giWqYrnS96n5BKXE4tbfaXvB68JH5Do3Ec
upfvATQypfDsik5fsEQrU2yUivPN0L7LMfEzzvF4Lw7mVnP5mPX4mb6wY_YaH4JpEAOuDvmeIpIQ
j8rckQ3b07w.7.Bt9XYxosxqyqB4ebhjpwe6sBKBRL6ko8rPJEZbJx7iktBekN8YcgBlox4L.Ail
LbV7pN_LeExUjeNK2ikQ1sE9jQ9uIcabzwL3FWU8mUNr3PrfAXhBU20yiBJiLP.cW.DKW2aV6m3t
RA4TbnWwP4TB6fPGgzDut_GiVgXuDIIKb8O_o9A1NfYt4V01Mika1xC7U37_WdM.gGn8wGO_uvWI
6fV2HDNN45U4jbuE37aS4xvmwME8_WU1Mg3FV4anbItvjcZyQMMvWe64HIZqYsQeK4xQOPl7bO7m
mngZRTt.prJIxGgEI4eVWP7ebV0gjX6Z5EapI2epGY2oLWyb48WNSbZmPgD07PzYHhefyvLokQQK
zp6g1E977mZsLwN3Oc9ZRjE9KHN678u4jgu0.Q_0doeQyFcIhtfaqKGg9QN4VZjBVelKeTve.GqM
PWcr85hRwTdqjkZ33p6FXgHk4Wu_tpmS3oiG1T.QN1j1XDyxEkkfcIq_opp0CWtGhQiA3nkhdHqh
AMPFI
X-Sonic-MF: <stkent@verizon.net>
Received: from sonic.gate.mail.ne1.yahoo.com by
sonic301.consmr.mail.ne1.yahoo.com with HTTP; Tue, 8 Feb 2022 18:19:29 +0000
Received: by kubenode502.mail-prod1.omega.bf1.yahoo.com (VZM Hermes SMTP
Server) with ESMTPA ID fa01bc6cc43444201a2836975b543c17;
Tue, 08 Feb 2022 18:19:27 +0000 (UTC)
Content-Type: multipart/alternative;
boundary="------------vyiwOfuLooJ0owEhAwtkNpF1"
Message-ID: <33dc475d-f352-93e3-369e-9304359ca237@verizon.net>
Date: Tue, 8 Feb 2022 13:19:26 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.5.1
From: Stephen Kent <stephen.kent@verizon.net>
To: sidrops@ietf.org
References: <CAA0dE=Xpf5_G+KRzXEbPTojVUYYskepAOf_83anj_90+mQSQ=Q@mail.gmail.com>
<202202081808595303458@juicybun.cn>
Content-Language: en-US
In-Reply-To: <202202081808595303458@juicybun.cn>
X-Mailer: WebService/1.1.19724
mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.aol
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/YlCVyCog78USWuogkYMeEYeR6zE>
Subject: Re: [Sidrops] What should an RP do on different public key,
same subject name?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>,
<mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>,
<mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Feb 2022 18:19:38 -0000
Let me provide some context and further explanation.
The requirement that a Subject name be unique on a per-CA basis is
intrinsic to X.509, modulo re-keying of the Subject, i.e., a Subject can
acquire a new key pair and keep the same Subject name under the same CA.
If this requirement were not met there would be obvious, adverse
security issues. This is what is mandated by X.509 and by IETF PKI
standards.
In general purpose PKis this requirement cannot be verified by RPs,
since an RP is not expected to retrieve and verify all certs issued by a
CA. In the RPKI every RP is expected to retrieve all certs issued by a
CA, but I don't recall an explicit requirement that an RP check for
Subject name uniqueness, per se.
RFC 6487, Section 4.5 says that during re-keying a CA SHOULD change the
Subject name (to preserve uniqueness). I agree that this SHOULD (vs. a
MUST) creates confusion. I would prefer a MUST here, but I guess Geoff
had some reason to allow a CA to not always follow the guidance. It
could cause confusion for an RP that encountered two CA certs with the
same Subject name but different keys, hence the admonition to change
Subject names during re-key. Because 6487 allows for an exception to
this general rule, the text you cited later in Section 4.5 qualifies
uniqueness to include both Subject name and public key. I agree that
this discussion, all within one paragraph, is confusing.
Steve
>
> Good catch of inconsistence of requiements on subject name of RPKI
> certificate.
>
> As far as I am concerned, subject name of RPKI certificate is not used
> for identification, which is different from those in web PKI.
>
> With this understanding, FYI, RPSTIR2 currently does not check the
> uniqueness of subject name neither.
>
> Di
>
> *From:* Alberto Leiva <mailto:ydahhrk@gmail.com>
> *Date:* 2022-02-08 06:49
> *To:* sidrops <mailto:sidrops@ietf.org>
> *Subject:* [Sidrops] What should an RP do on different public key,
> same subject name?
> Hi. I'm maintaining FORT, an RP implementation. I found a validation
> FORT seems to be implementing incorrectly, and the RFCs are giving me
> trouble. Can I have some advice?
> RFC 6487:
> > Each distinct subordinate CA and
> > EE certified by the issuer MUST be identified using a subject name
> > that is unique per issuer. In this context, 'distinct' is defined as
> > an entity and a given public key.
> Bit awkward for my taste. Removing some redundancy:
> > Each distinct subordinate CA and EE certified by the issuer MUST
> have
> > a unique subject name. In this context, 'distinct' is defined as an
> > entity and a given public key.
> Trimming fat:
> > Each distinct child certified by the issuer MUST have a unique
> > subject name. In this context, 'distinct' is defined as an
> entity and
> > a given public key.
> Translation:
> > Sibling certificates MUST have different subject names. Among a
> > parent's children, siblings are identified by their [entity, public
> > key] tuple.
> ("Entity" is seemingly not defined by any relevant glossaries [if
> you're going to update these documents at some point, might I suggest
> this gets fixed], but from RFC 6484, we can surmise it means "INR
> Holder.")
> The requirement is kind of circular because an entity would normally
> be identified by its parent certificate and subject name... right? How
> else would an RPKI consumer identify the entity?
> Educated guess:
> > Sibling certificates MUST have different subject names. Among a
> > parent's children, siblings are identified by their [parent, subject
> > name, public key] tuple.
> Given that we've established that we're talking about siblings, the
> parent is always the same, so it becomes
> > Sibling certificates MUST have different subject names. Among a
> > parent's children, siblings are identified by their [subject name,
> > public key] tuple.
> Circular because of the double "subject name":
> > Given two siblings, if their [subject name, public key] is
> different,
> > then their subject names MUST also be different.
> In other words, given sibling certificates A and B, subject names a
> and b, public keys m and n, a != b and m != n, then
> - If A = [a, m] and B = [a, m], then no constraints must be
> imposed. (A = B)
> - If A = [a, m] and B = [a, n], then a != a. This makes no sense, and
> is thus illegal.
> - If A = [a, m] and B = [b, m], then a != b. Self-evident.
> - If A = [a, m] and B = [b, n], then a != b. Self-evident.
> So... assuming my several flights of fancy have so far been correct,
> the requirement can be reduced to
> > If two sibling certificates have different public keys, then they
> > MUST have different subject names as well.
> ie. this whole mess is just a reword of the (infinitely more
> comfortably articulated) immediately following RFC 6487 sentence:
> > An issuer SHOULD use a different subject name if the subject's key
> > pair has changed (i.e., when the CA issues a certificate as part of
> > re-keying the subject.)
> Except... the two requirements are actually contradicting each other:
> The former is defined as a MUST and the latter is a SHOULD.
> ------------------------------
> Ok. That established, here's the point:
> Would it be reasonable for an RP implementation to trim branches off
> the tree if they violate the above rule?
> The point of this rule is to prevent broken key rollovers... right? I
> think? So, is a bad key rollover grounds to chop pieces off the
> Internet?
> Does this requirement exist to somehow simplify the work of RPs, or to
> be enforced by RPs? Are RPs supposed to care?
> I'm thinking about dumping a warning on syslog and keep going, but I'm
> not sure there'd be a point to it.
> (And which is it? MUST or SHOULD?)
> Thanks in advance,
> Alberto
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
>
>
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops
- [Sidrops] What should an RP do on different publi… Alberto Leiva
- Re: [Sidrops] What should an RP do on different p… Di Ma
- Re: [Sidrops] What should an RP do on different p… Stephen Kent
- Re: [Sidrops] What should an RP do on different p… Alberto Leiva