IETF Logo Mail Archive

Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-identity-00

Russ Housley <housley@vigilsec.com> Tue, 11 May 2021 14:20 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE0CF3A1982 for <sidrops@ietfa.amsl.com>; Tue, 11 May 2021 07:20:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ogisc-w6iaZ for <sidrops@ietfa.amsl.com>; Tue, 11 May 2021 07:20:27 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13B273A197F for <sidrops@ietf.org>; Tue, 11 May 2021 07:20:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 2FF4C300BDE for <sidrops@ietf.org>; Tue, 11 May 2021 10:20:25 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id st8s0yC73m59 for <sidrops@ietf.org>; Tue, 11 May 2021 10:20:19 -0400 (EDT)
Received: from [192.168.1.161] (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 9F2FD300B38; Tue, 11 May 2021 10:20:18 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.20\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAKr6gn18yGTrAiqPA2P+kc+JBt2Tf8D-G4Gf5WCnASm8vk1Fvg@mail.gmail.com>
Date: Tue, 11 May 2021 10:20:17 -0400
Cc: Randy Bush <randy@psg.com>, SIDR Operations WG <sidrops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4455A207-2637-444B-BDA0-1209425C2EF2@vigilsec.com>
References: <m2k0o6uqot.wl-randy@psg.com> <CAKr6gn3oCZBOP3L8AQWvH9Nk4fum-ycZCnHO_DUtgdx5M=z_+A@mail.gmail.com> <m2fsyuuofa.wl-randy@psg.com> <CAKr6gn18yGTrAiqPA2P+kc+JBt2Tf8D-G4Gf5WCnASm8vk1Fvg@mail.gmail.com>
To: George Michaelson <ggm@algebras.org>
X-Mailer: Apple Mail (2.3445.104.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/_6fF9liu8QazpA0BGxbb4iH6_SY>
Subject: Re: [Sidrops] draft-ietf-sidrops-rpki-has-no-identity-00
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 May 2021 14:20:32 -0000

George:

I am confused.  The RPKI design purposely avoids binding IIJ's identity to the resources assigned to IIJ. What kind of assertions need two signatures, one that ca be validated with an RPKI certificate and the other can be validated with a certificate from an identity-confirming PKI?

Russ


> On May 10, 2021, at 8:50 PM, George Michaelson <ggm@algebras.org> wrote:
> 
> holder of RPKI cert over 192.83.230.0/24 creates a nonce, and
> communicates it OOB to cert holder in "iij has a corporate x.509-based
> employee database" using their public key: this is private, only can
> be decoded by private keyholder.
> 
> the specific person, they sign "I saw nonce" with IIJ corp cert
> private key. they hand it back to RPKI cert person.
> 
> holder of RPKI cert validates: yep: under the IIJ TA they signed over
> the nonce I gave them. This private key, it is the one I passed the
> nonce to, no matter how indirect that happened, it wound up being a
> chain from the nonce to the Private Key. If you care, you need to
> communicate the nonce over some secure channel, but its out of band.
> 
> You sent them a thing only the bPKI private key holder can decode,
> they sent you back a reply only the bPKI private keyholder can encode.
> 
> you then sign over some other assertion, saying "I did a nonce check,
> and this private key here, which IIJ says is employee X, they seem to
> check out." with the INR you want to associate. Your RPKI sign, can
> only validate you control the INR. if you use either RTA or RSC, you
> co-validate the hash of >some other assertion< but only in X509
> cryptographic sense: the hash is asserted to be valid, under the
> constraint it was signed over by this specific RPKI INR. You cannot
> validate the >applicability< of that hash, it lies outside the RPKI
> validation model.
> 
> neither PKI has to breach its own validation policy. They only ever
> apply to validate the property of "which INR is associated with the
> specific assert being made here" for RPKI validation and "which
> identity, outside of RPKI, is being asserted here" for bPKI
> validation.
> 
> why did you trust the bPKI in the first place? You have a TA. Thats
> what TA do: they tell you to trust things. This isn't an RPKI TA, its
> a bPKI TA. I can imagine somebody is whispering PGP at this point.
> 
> -G
> 
> 
> On Tue, May 11, 2021 at 10:03 AM Randy Bush <randy@psg.com> wrote:
>> 
>>> If another mechanism can provide positive proof (eg an x509 identity
>>> certificate which lies under a non-RPKI TA you trust) then there is no
>>> barrier to countersigning an assertion over that proof (the public key
>>> and a nonce, for example) binding the INR you can validate inside the
>>> RPKI, and an identity which lies outside the RPKI.
>>> 
>>> and
>>> 
>>> No part of the RPKi validation can "prove" the identity in the
>>> signing. What it can do, is relate the INR in RPKI, to a specific
>>> assertion about identity. Validation of that assertion is not subject
>>> to RPKI validation. Validation of the INR which is being associated,
>>> is a function of the RPKI
>> 
>> are you trying to say
>> 
>>  the owner of some j random inr is attesting to some identity binding
>>  in some k random pki?
>> 
>> maybe a concrete example would help me wrap what is left of my head
>> around this.
>> 
>> there exists an rpki cert attesting to a holding of 192.83.230.0/24.
>> iij has a corporate x.509-based employee database in which i have a
>> cert.  so the unknown owner of 192.83.230.0/24 cross-signs (let's
>> leave out the ugnlies) my iij cert.  what is the real world meaning of
>> this?  in few small words.
>> 
>> or, what is the meaning if i cross-sign the cert for 203.119.101.18
>> from iij?
>> 
>> what are the attestations and what is the trust?
>> 
>> randy
>> 
>> ---
>> randy@psg.com
>> `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com`
>> signatures are back, thanks to dmarc header butchery
> 
> _______________________________________________
> Sidrops mailing list
> Sidrops@ietf.org
> https://www.ietf.org/mailman/listinfo/sidrops

v2.23.0 | Report a Bug | By Email