From e88b419af5d945d37a269e64c1aee8efbbd12c10 Mon Sep 17 00:00:00 2001 From: Randy Bush Date: Wed, 5 Jan 2022 16:08:40 -0800 Subject: [PATCH] -03 with my hacks to russ's changes based on geoff's wall of text --- draft-ietf-sidrops-rpki-has-no-identity.xml | 40 +++++++++++++-------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/draft-ietf-sidrops-rpki-has-no-identity.xml b/draft-ietf-sidrops-rpki-has-no-identity.xml index a4b417d..43e8884 100644 --- a/draft-ietf-sidrops-rpki-has-no-identity.xml +++ b/draft-ietf-sidrops-rpki-has-no-identity.xml @@ -11,7 +11,7 @@ - + @@ -72,19 +72,22 @@
The Resource Public Key Infrastructure (RPKI), see , "represents the allocation hierarchy of IP - address space and Autonomous System (AS) numbers." Though since, it - has grown to include other similar resource and routing data, e.g. - Router Keying for BGPsec, . + target="RFC6480"/>, "Represents the allocation hierarchy of IP + address space and Autonomous System (AS) numbers," which are + collectively known as Internet Number Resources (INRs). Though + since, it has grown to include other similar resource and routing + data, e.g. Router Keying for BGPsec, . - In security terms the phrase "Public Key" implies there are also - private keys, a la . And, as the RPKI has - strong authority over ownership of Internet Number Resources (INRs), - there is a desire to use the private keys to sign arbitrary - documents to attest that the 'owner' of those resources has attested - to the authenticity of those documents. But in reality, it is an - authorization to speak for the named IP address blocks and AS - numbers themselves, not their unidentifiable owners. + In security terms the phrase "Public Key" implies there is also a + corresponding private key . The RPKI's + strong authority over ownership of INRs has misled some people + toward a desire to use RPKI private keys to sign arbitrary documents + attesting that the INR 'owner' of those resources has attested to + the authenticity of the document content. But in reality, the RPKI + certificate is only an authorization to speak for for the explicitly + identified INRs; it is explicitly not intended for authentication of + the 'owners' of the INRs. This situation is emphasized in Section + 2.1 of . It has been suggested that one could authenticate real world business transactions with the signatures of INR holders. E.g. 
@@ -99,6 +102,12 @@ world holder(s) of those INRs. The RPKI provides authorization to speak for the named IP address blocks and AS numbers. + In short, avoid the desire to use RPKI certificates for any + purpose other than the verification of authorizations associated + with the delegation of INRs or attestations related to INRs. + Instead, recognize that these authorizations and attestations take + place irrespective of the identity of a RPKI private key holder. +
@@ -245,8 +254,9 @@
The authors thank George Michaelson and Job Snijders for lively - discussion, Ties de Kock for useful suggestions, and last but not - least, Biff for the loan of Bill's Bait and Sushi. + discussion, Geoff Huston for some more formal text, Ties de Kock for + useful suggestions, and last but not least, Biff for the loan of + Bill's Bait and Sushi.
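Review bot: In the hunk at @@ -72,19 +72,22 @@, the added line "certificate is only an authorization to speak for for the explicitly" has a doubled "for"; drop one. The same sentence uses "explicitly" twice ("explicitly identified INRs; it is explicitly not intended"), and this is the sentence that states the draft's central security claim, authorization for INRs rather than authentication of their holders, so it is worth tightening. In the first paragraph the quotation changes from lowercase "represents" to "Represents" in mid-sentence and gains a trailing comma inside the quotation marks; if this is meant as a verbatim quote of the cited text, keep the casing and punctuation of the source. "the INR 'owner' of those resources" is redundant after the rewording, since "INR" and "of those resources" refer to the same thing; one of the two can go.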
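Review bot: In the hunk at @@ -99,6 +102,12 @@, "avoid the desire to use RPKI certificates for any" phrases the summary guidance as advice about a wish rather than about an action. Since this paragraph is the short form of the document's recommendation, state it directly, for example "do not use RPKI certificates for any purpose other than ...". In the last added line, "a RPKI private key holder" should read "an RPKI private key holder".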