[Sidrops] What should an RP do on different public key, same subject name?
Alberto Leiva <ydahhrk@gmail.com> Mon, 07 February 2022 22:50 UTC
Return-Path: <ydahhrk@gmail.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 6CE103A0EAF
for <sidrops@ietfa.amsl.com>; Mon, 7 Feb 2022 14:50:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.099
X-Spam-Level:
X-Spam-Status: No, score=-7.099 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id orfZtlTpI0ls for <sidrops@ietfa.amsl.com>;
Mon, 7 Feb 2022 14:50:00 -0800 (PST)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com
[IPv6:2a00:1450:4864:20::12c])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id AD6523A0EBD
for <sidrops@ietf.org>; Mon, 7 Feb 2022 14:49:59 -0800 (PST)
Received: by mail-lf1-x12c.google.com with SMTP id i17so3746465lfg.11
for <sidrops@ietf.org>; Mon, 07 Feb 2022 14:49:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
h=mime-version:from:date:message-id:subject:to;
bh=gi1hSd+03sidSjbq/ztRtF4muv1bgwSGsoFLryU+M0w=;
b=S7D3oGs27eV8DAA+ZbVxvCr7bjWoypRVSHjHcFMWdrUMKIfV7jM1L3+EJ9+p0oYFY1
qPFkgwp/Ef8CMnBin/WLJHar6iR2+y8yWn5MsVsMFekjCSAnDw31UBwQbrTzoAkK57kU
AZfP14OgLRhMza/tPWioUvzr1Q1EADBsHU6cHtlDekU/Szi6SMsjfU00l0qzuquqt2E3
NhLjGmtui1qJS81N8xAwvotSCcowEH9Q2C4zidu5R9wOHWJaSUU/EPCSDZQUsitVOxtD
8qc69y+YJxwENeShk5xi2uOkj59jknu8vbXYUapB5mF7tidBU0tVCzX0p76VHm2PNjUy
WTvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=gi1hSd+03sidSjbq/ztRtF4muv1bgwSGsoFLryU+M0w=;
b=BZPv7Cj2lf9BrRT9V0/VcXo3PV2dNQXU7bXz2PSrFsTwqSNPzl9DYCwtyEAbaj7Id/
wTUg20vChCK2hrQO1A43kQwh6zipmtJ+XrBeI8NLA0f2qcgKh/KZj6UZv6kXFu0Usfxj
v1V1bm2iCcqKMAj/w1mBI2zyTCwSVAeNEuEsK9mKThE3JE2/R1a7neoWolpVmCNirP9X
A06c50g+3gSJ9TNeh2jZsl/d0ofGSnJXkGROhpBmt5eqDqEw84GDhaUjUb9hXYw/eIHR
72kI8zOfXTiLfr7amJROoq2AP+aqcB5d5vGRuqJSAEdUxVPcB7jqCjK/9y/4wNDOeVnf
ta7w==
X-Gm-Message-State: AOAM530Yucoo5fDHvbhnkGZaaYqsVeLGdL9OWCs0xrmLbI67iZAwUnNc
qauX0aVuFK8ChSSnS5adb9Z0TGpGys79Ap0lb7RtuyH5n3U=
X-Google-Smtp-Source: ABdhPJwrxee5CPj18OHpZlxePp5wgCV6qH3cQSIfaxQI/ryaWcBTyowM61UVWjO5N6dAbqPjw8BfDThjOwgJ2Z6xj+k=
X-Received: by 2002:ac2:5a0c:: with SMTP id q12mr1166093lfn.488.1644274196445;
Mon, 07 Feb 2022 14:49:56 -0800 (PST)
MIME-Version: 1.0
From: Alberto Leiva <ydahhrk@gmail.com>
Date: Mon, 7 Feb 2022 16:49:45 -0600
Message-ID: <CAA0dE=Xpf5_G+KRzXEbPTojVUYYskepAOf_83anj_90+mQSQ=Q@mail.gmail.com>
To: sidrops@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/mXWbCwh6RO8pAtt7N30Q9m6jUws>
Subject: [Sidrops] What should an RP do on different public key,
same subject name?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>,
<mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>,
<mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2022 22:50:10 -0000
Hi. I'm maintaining FORT, an RP implementation. I found a validation
FORT seems to be implementing incorrectly, and the RFCs are giving me
trouble. Can I have some advice?
RFC 6487:
> Each distinct subordinate CA and
> EE certified by the issuer MUST be identified using a subject name
> that is unique per issuer. In this context, 'distinct' is defined as
> an entity and a given public key.
Bit awkward for my taste. Removing some redundancy:
> Each distinct subordinate CA and EE certified by the issuer MUST have
> a unique subject name. In this context, 'distinct' is defined as an
> entity and a given public key.
Trimming fat:
> Each distinct child certified by the issuer MUST have a unique
> subject name. In this context, 'distinct' is defined as an entity and
> a given public key.
Translation:
> Sibling certificates MUST have different subject names. Among a
> parent's children, siblings are identified by their [entity, public
> key] tuple.
("Entity" is seemingly not defined by any relevant glossaries [if
you're going to update these documents at some point, might I suggest
this gets fixed], but from RFC 6484, we can surmise it means "INR
Holder.")
The requirement is kind of circular because an entity would normally
be identified by its parent certificate and subject name... right? How
else would an RPKI consumer identify the entity?
Educated guess:
> Sibling certificates MUST have different subject names. Among a
> parent's children, siblings are identified by their [parent, subject
> name, public key] tuple.
Given that we've established that we're talking about siblings, the
parent is always the same, so it becomes
> Sibling certificates MUST have different subject names. Among a
> parent's children, siblings are identified by their [subject name,
> public key] tuple.
Circular because of the double "subject name":
> Given two siblings, if their [subject name, public key] is different,
> then their subject names MUST also be different.
In other words, given sibling certificates A and B, subject names a
and b, public keys m and n, a != b and m != n, then
- If A = [a, m] and B = [a, m], then no constraints must be imposed. (A = B)
- If A = [a, m] and B = [a, n], then a != a. This makes no sense, and
is thus illegal.
- If A = [a, m] and B = [b, m], then a != b. Self-evident.
- If A = [a, m] and B = [b, n], then a != b. Self-evident.
So... assuming my several flights of fancy have so far been correct,
the requirement can be reduced to
> If two sibling certificates have different public keys, then they
> MUST have different subject names as well.
ie. this whole mess is just a reword of the (infinitely more
comfortably articulated) immediately following RFC 6487 sentence:
> An issuer SHOULD use a different subject name if the subject's key
> pair has changed (i.e., when the CA issues a certificate as part of
> re-keying the subject.)
Except... the two requirements are actually contradicting each other:
The former is defined as a MUST and the latter is a SHOULD.
------------------------------
Ok. That established, here's the point:
Would it be reasonable for an RP implementation to trim branches off
the tree if they violate the above rule?
The point of this rule is to prevent broken key rollovers... right? I
think? So, is a bad key rollover grounds to chop pieces off the
Internet?
Does this requirement exist to somehow simplify the work of RPs, or to
be enforced by RPs? Are RPs supposed to care?
I'm thinking about dumping a warning on syslog and keep going, but I'm
not sure there'd be a point to it.
(And which is it? MUST or SHOULD?)
Thanks in advance,
Alberto
- [Sidrops] What should an RP do on different publi… Alberto Leiva
- Re: [Sidrops] What should an RP do on different p… Di Ma
- Re: [Sidrops] What should an RP do on different p… Stephen Kent
- Re: [Sidrops] What should an RP do on different p… Alberto Leiva