-03 with my hacks to russ's changes based on geoff's wall of text

draft-ietf-sidrops-rpki-has-no-identity.xml

@@ -11,7 +11,7 @@
 <?rfc tocindent="yes"?>
 <?rfc tocompact="yes"?>
 
-<rfc category="std" consensus="true" docName="draft-ietf-sidrops-rpki-has-no-identity-02" ipr="trust200902">
+<rfc category="std" consensus="true" docName="draft-ietf-sidrops-rpki-has-no-identity-03" ipr="trust200902">
 
 <front>
 
@@ -72,19 +72,22 @@
   <section anchor="intro" title="Introduction">
 
     <t>The Resource Public Key Infrastructure (RPKI), see <xref
-    target="RFC6480"/>, "represents the allocation hierarchy of IP
-    address space and Autonomous System (AS) numbers."  Though since, it
-    has grown to include other similar resource and routing data, e.g.
-    Router Keying for BGPsec, <xref target="RFC8635"/>.</t>
+    target="RFC6480"/>, "Represents the allocation hierarchy of IP
+    address space and Autonomous System (AS) numbers," which are
+    collectively known as Internet Number Resources (INRs).  Though
+    since, it has grown to include other similar resource and routing
+    data, e.g. Router Keying for BGPsec, <xref target="RFC8635"/>.</t>
 
-    <t>In security terms the phrase "Public Key" implies there are also
-    private keys, a la <xref target="RFC5280"/>.  And, as the RPKI has
-    strong authority over ownership of Internet Number Resources (INRs),
-    there is a desire to use the private keys to sign arbitrary
-    documents to attest that the 'owner' of those resources has attested
-    to the authenticity of those documents.  But in reality, it is an
-    authorization to speak for the named IP address blocks and AS
-    numbers themselves, not their unidentifiable owners.</t>
+    <t>In security terms the phrase "Public Key" implies there is also a
+    corresponding private key <xref target="RFC5280"/>.  The RPKI's
+    strong authority over ownership of INRs has misled some people
+    toward a desire to use RPKI private keys to sign arbitrary documents
+    attesting that the INR 'owner' of those resources has attested to
+    the authenticity of the document content.  But in reality, the RPKI
+    certificate is only an authorization to speak for for the explicitly
+    identified INRs; it is explicitly not intended for authentication of
+    the 'owners' of the INRs.  This situation is emphasized in Section
+    2.1 of <xref target="RFC6480"/>.</t>
 
     <t>It has been suggested that one could authenticate real world
     business transactions with the signatures of INR holders.  E.g.
@@ -99,6 +102,12 @@
     world holder(s) of those INRs.  The RPKI provides authorization to
     speak for the named IP address blocks and AS numbers.</t>
 
+    <t>In short, avoid the desire to use RPKI certificates for any
+    purpose other than the verification of authorizations associated
+    with the delegation of INRs or attestations related to INRs.
+    Instead, recognize that these authorizations and attestations take
+    place irrespective of the identity of a RPKI private key holder.</t>
+
     </section>
   
   <section anchor="bottom" title="The Bottom Line">
@@ -245,8 +254,9 @@
   <section anchor="acks" title="Acknowledgments">
 
     <t>The authors thank George Michaelson and Job Snijders for lively
-    discussion, Ties de Kock for useful suggestions, and last but not
-    least, Biff for the loan of Bill's Bait and Sushi.</t>
+    discussion, Geoff Huston for some more formal text, Ties de Kock for
+    useful suggestions, and last but not least, Biff for the loan of
+    Bill's Bait and Sushi.</t>
     
     </section>