From 626b90b855d589444af70af0aab23a6c2bab5086 Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Mon, 15 Mar 2021 03:34:43 -0700 Subject: [PATCH] cite 6480 --- draft-ymbk-sidrops-rpki-has-no-identity.xml | 69 +++++++++++++-------- 1 file changed, 42 insertions(+), 27 deletions(-) diff --git a/draft-ymbk-sidrops-rpki-has-no-identity.xml b/draft-ymbk-sidrops-rpki-has-no-identity.xml index c12240d..90c731f 100644 --- a/draft-ymbk-sidrops-rpki-has-no-identity.xml +++ b/draft-ymbk-sidrops-rpki-has-no-identity.xml @@ -75,7 +75,7 @@ with the signatures of INR holders. E.g. for Bill's Bait and Sushi to use their AS in the RPKI to sign a Letter of Authorization (LOA) for some other party to rack and stack hardware owned by BB&S. - Unfortunately, this is not feasible. + Unfortunately, this is not formally feasible. The I in RPKI actually stands for "Infrastructure," as in Resource Public Key Infrastructure, not for "Identity". In fact, @@ -86,15 +86,28 @@
- The Template for a Certification Practice Statement (CPS) for the - Resource PKI (RPKI) Section 3.1, Naming, - makes very clear that "The Subject name in each certificate SHOULD - NOT be meaningful;" and goes on to do so at some length. + The RPKI base document, , Section 2.1 + says explicitly "An important property of this PKI is that + certificates do not attest to the identity of the subject." + + The "Template for a Certification Practice Statement (CPS) for + the Resource PKI (RPKI)" Section 3.1, + Naming, makes very clear that "The Subject name in each certificate + SHOULD NOT be meaningful;" and goes on to do so at some length. That the RPKI does not authenticate real world identity is a feature not a bug. If it tried to do so, it would end in a world of complexity with no proof of termination, as X.400 learned. + RPKI-based credentials of INRs MUST NOT be used to authenticate + real world documents or transactions without some formal external + authentication of the INR and the authority for the actually + anonymous INR holder to authenticate the particular document or + transaction. + + If there is sufficient external, i.e. non-RPKI, verifcation of + authority, then use of RPKI-based credentials seems superfluous. +
@@ -105,21 +118,20 @@ they have likely signed real world documents. As the INR owner does not have the keying material, they rely on - the CA, to which they presumably must present credentials, to - manipulate their INRs. These credentials may be userid/password + the CA, to which they presumably must present credentials, in order + to manipulate their INRs. These credentials may be userid/password (with two factor authentication one hopes), hardware tokens, client browser certificates, etc. Hence schemes such as and must go to great - lengths to extract the supposedly [not really] relevant keys from - the CA. + lengths to extract the supposedly relevant keys from the CA. - For some particular INR, say Bill's Bait and Sushi's AS number, - someone out on the net probably has the credentials to the CA - account in which BB&S's INRs are registered. That could be the - owner of BB&S, Roberto's Taco Stand, or the Government of - Elbonia. One simply can not know. + For some particular INR, say Bill's Bait and Sushi's Autonompus + System (AS) number, someone out on the net probably has the + credentials to the CA account in which BB&S's INRs are + registered. That could be the owner of BB&S, Roberto's Taco + Stand, or the Government of Elbonia. One simply can not know. In large operations, INR management is often compartmentalized with no authority over anything beyond dealing with INR @@ -128,12 +140,12 @@ to authorize access to BB&S's servers in some colocation facility. - There is also a temporal issue. The owner of an AS may be + There is the temporal issue that the owner of an INR may be BB&S today when some document was signed, and could be the Government of Elbonia tomorrow. Or the resource could have been administratively moved from one CA to another, likely requiring a - change of keys. If so, how to determine if the signature on the - real world document still valid? + change of keys. If so, how does one determine if the signature on + the real world document is still valid? While Ghostbuster Records may seem to identify real world entities, their semantic content is completely @@ -143,8 +155,8 @@ Usually, before registering INRs, CAs require proof of INR ownership via external documentation and authorities. It is - somewhat droll that the CPS template, , does - not mention any diligence the CA must, or even should, conduct to + somewhat droll that the CPS Template, , does + not mention any diligence the CA must, or even might, conduct to assure the INRs are in fact owned by a registrant.
@@ -152,16 +164,18 @@
Attempts to use RPKI data to authenticate real world documents or - other artifacts requiring identity are invalid and misleading. + other artifacts requiring identity are inappropriate and + dangerous. - The control of INRs for an entity could be used to falsely - authorize transactions or documents for which the INR manager has no + Control of INRs for an entity could be used to falsely authorize + transactions or documents for which the INR manager has no authority. - RPKI-based keying from INRs MUST NOT be used to authenticate real - world documents or transactions without some external authentication - of the INR and the authority for the actually anonymous INR holder - to authenticate the particular document or transaction. + RPKI-based credentials of INRs MUST NOT be used to authenticate + real world documents or transactions without some formal external + authentication of the INR and the authority for the actually + anonymous INR holder to authenticate the particular document or + transaction.
@@ -179,7 +193,8 @@
The authors thank George Michaelson and Job Snijders for lively - discussion. + discussion; and last but not least, Biff for the loan of Bill's Bait + and Sushi.