-07 published
parent 993d7dae5c
commit f0d6a23664
1 changed files with 12 additions and 9 deletions
|
|
@ -11,7 +11,7 @@
|
|||
<?rfc tocindent="yes"?>
|
||||
<?rfc tocompact="yes"?>
|
||||
|
||||
<rfc category="std" consensus="true" submissionType="IETF" docName="draft-ietf-sidrops-rpki-has-no-identity-06" ipr="trust200902">
|
||||
<rfc category="std" consensus="true" submissionType="IETF" docName="draft-ietf-sidrops-rpki-has-no-identity-07" ipr="trust200902">
|
||||
|
||||
<front>
|
||||
|
||||
|
|
@ -105,7 +105,8 @@
|
|||
the RPKI does not provide any association between INRs and the real
|
||||
world holder(s) of those INRs. The RPKI provides authorization to
|
||||
make assertions only regarding Internet Number Resources, such as IP
|
||||
prefixes or AS numbers, and data such as ASPA records.</t>
|
||||
prefixes or AS numbers, and data such as ASPA <xref
|
||||
target="I-D.ietf-sidrops-aspa-profile"/>records.</t>
|
||||
|
||||
<t>In short, avoid the desire to use RPKI certificates for any
|
||||
purpose other than the verification of authorizations associated
|
||||
|
|
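Review bot: In the new `ASPA <xref target="I-D.ietf-sidrops-aspa-profile"/>records.</t>` there is no whitespace between the closing `/>` and `records`, so the rendered citation will run straight into the word. The reference also splits the term "ASPA records" in two; placing it after the noun, as in `ASPA records <xref target="I-D.ietf-sidrops-aspa-profile"/>.</t>`, fixes both.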
@ -135,11 +136,11 @@
|
|||
|
||||
<t>That is, RPKI-based credentials of INRs MUST NOT be used to
|
||||
authenticate real-world documents or transactions. That might be
|
||||
done with some formal external authentication of authority for an
|
||||
otherwise anonymous INR holder to authenticate the particular
|
||||
done with some formal external authentication of authority allowing
|
||||
an otherwise anonymous INR holder to authenticate the particular
|
||||
document or transaction. Given such external, i.e. non-RPKI,
|
||||
verification of authority, the use of RPKI-based credentials seems
|
||||
superfluous.</t>
|
||||
verification of authority, the use of RPKI-based credentials adds no
|
||||
authenticity.</t>
|
||||
|
||||
</section>
|
||||
|
||||
|
|
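Review bot: The reworded sentence still opens with "That might be done", and its only antecedent is the preceding MUST NOT sentence, so it can be read as saying the prohibited use of RPKI-based credentials might be done after all. Consider naming the subject, for example "Authenticating such a document or transaction might be done with some formal external authentication of authority ...", so the contrast with the MUST NOT is explicit. The new ending "adds no authenticity" is a clear improvement over "seems superfluous" and reads well once the subject is unambiguous.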
@ -217,7 +218,8 @@
|
|||
<section anchor="security" title="Security Considerations">
|
||||
|
||||
<t>Attempts to use RPKI data to authenticate real-world documents or
|
||||
other artifacts requiring identity are invalid and misleading.</t>
|
||||
other artifacts requiring identity, while possibly cryptographically
|
||||
valid within the RPKI, are misleading as to any authenticity.</t>
|
||||
|
||||
<t>When a document is signed with the private key associated with an
|
||||
RPKI certificate, the signer is speaking for the INRs, the IP
|
||||
|
|
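Review bot: In the rewritten first paragraph of Security Considerations, the clause "while possibly cryptographically valid within the RPKI" attaches grammatically to "Attempts", but what validates is a signature, not an attempt. Since this is the sentence readers will quote, make the signature the subject, for example "Signatures made in such attempts may validate within the RPKI, but they are misleading as to any authenticity." That keeps the distinction this change introduces (cryptographic validity versus real-world authenticity) without the dangling modifier.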
@ -257,8 +259,8 @@
|
|||
|
||||
<t>The authors thank George Michaelson and Job Snijders for lively
|
||||
discussion, Geoff Huston for some more formal text, Ties de Kock for
|
||||
useful suggestions, and last but not least, Biff for the loan of
|
||||
Bill's Bait and Sushi.</t>
|
||||
useful suggestions, many directorate and IESG reviewers, and last
|
||||
but not least, Biff for the loan of Bill's Bait and Sushi.</t>
|
||||
|
||||
</section>
|
||||
|
||||
|
|
@ -280,6 +282,7 @@
|
|||
<?rfc include="reference.RFC.6493.xml"?>
|
||||
<?rfc include="reference.I-D.ietf-sidrops-rpki-rsc.xml"?>
|
||||
<?rfc include="reference.I-D.ietf-sidrops-rpki-rta.xml"?>
|
||||
<?rfc include="reference.I-D.ietf-sidrops-aspa-profile.xml"?>
|
||||
</references>
|
||||
|
||||
</back>
|
||||
|
|
|
|||
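Review bot: The added `<?rfc include="reference.I-D.ietf-sidrops-aspa-profile.xml"?>` goes into the same list as the rpki-rsc and rpki-rta drafts, and the visible lines do not show whether that `<references>` block is the normative or the informative one. The text cites ASPA only as an example ("data such as ASPA"), so the reference should be informative; in a `category="std"` document, a normative reference to an unpublished Internet-Draft would hold up publication. Please confirm the block's title before merging.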