Securing Inter-Domain Routing (SIDR) WG Meeting
28 July 2008, 1740 - 1950
CHAIRS:
Geoff Huston, Sandy Murphy
NOTE TAKERS:
Paul Hoffman, Matt Lepinski
AGENDA:
Administrivia
Minute taker
Jabber Scribe
Blue Sheets
Agenda Bashing
Updated Drafts
(a) Manifests for the Resource Public Key Infrastructure
draft-ietf-sidr-rpki-manifests-01.txt
Presenter: Geoff Huston
(b) A Profile for X.509 PKIX Resource Certificates
draft-huston-sidr-repos-struct-02.txt
Presenter: George Michaelson
(d) A Profile for Route Origin Authorizations (ROAs)
draft-ietf-sidr-roa-format-03.txt
Presenter: Matt Lepinski
(e) A Protocol for Provisioning Resource Certificates
draft-ietf-sidr-rescerts-provisioning-02.txt
Presenter: Geoff Huston
New Drafts
(a) Alternative RPKI Repository Retrieval Mechanism
draft-sidr-fetch-00.txt
Presenter: Terry Manderson
New Topics
(a) Using RPKI secured data for existing routing policy tools
Presenter: Ruediger Volk
SUMMARY:
The WG reviewed those drafts that had been updated since IETF71.
Following minor revisions, the WG drafts will be Last Called on the
WG mailing list.
The WG chairs confirmed a decision made on the mailing list to adopt
three individual submissions as WG documents.
The WG reviewed an alternative approach for repository
synchronization using HTTP, and the question of whether to adopt this
document as a WG item will be put to the mailing list.
The WG reviewed a proposal to construct RPSL route objects from
ROAs. There was no clear consensus from the WG to support this
approach, and no further WG action was determined.
ACTIONS:
- Revise draft-ietf-sidr-rpki-manifests-01.txt and conduct a WG Last Call
- Revise draft-ietf-sidr-res-certs-10.txt and conduct a WG Last Call
- Submit draft-huston-sidr-bogons as a WG document
- Submit draft-huston-sidr-repos-struct as a WG document
- Submit draft-huston-sidr-roa-validation as a WG document
- WG poll on accepting draft-sidr-fetch-00.txt as a WG document
NOTES:
2) Updated Drafts
- Manifests for the Resource Public Key Infrastructure
- Comment on the use of MUST for CRL in the CMS of Manifests,
- Should be amended, as the CRL is already published
in the repository and references in the Manifest.
- Draft to be revised accordingly and WG Last Call conducted.
- A Profile for X.509 PKIX Resource Certificates
- Draft is ready for WG Last Call.
- A Profile for Resource Certificate Repository Structure
- Draft to be resubmitted as a WG document, then WG Last Call
conducted.
- A Profile for Route Origin Authorizations (ROAs)
- Changes from -02:
- Added a maximum length for the ROA IP address to limit the
range of possible prefixes authorized by the ROA.
- Open issues:
- Canonical format for IP addresses in ROAs?
- No one indicated a need to test for ROA equivalence.
- A problem was identified with the current text: If the EE cert identifies a /20 and the ROA lists two /21's there's no way to do an "exact" match.
- Need to do a 'covered-by' operation when comparing with EE cert. This may be easier if ROA prefixes are sorted, ignoring the max length.
- Should the ROA format permit multiple EE certs?
-
- Adds a bit of additional implementation complexity.
- Allows an entity with two different certs to advertise an aggregate that spans the two certs (see example in slides).
- The problem that multiple signatures solves may be a rare occurrence.
- However, if we don't include multiple signatures in the ROA format, this will be a difficult problem to fix later on.
- A Protocol for Provisioning Resource Certificates
- Draft needs more in the Security Considerations
3) New Drafts
- Alternative RPKI Repository Retrieval Mechanism
- Proposes an optional
alternative to rsync that uses an IETF protocol for repository
retrieval
- Comment that we don't need more than rsync, and that this
approach is not particularly efficient even though it is
better than blindly getting everything.
- This approach would require an HTTP 1.1 client to work
well. Should HTTP 1.1 be a MUST?
- Need to specify when you open a connection, and when you keep
it open.
- Question about motivation for this approach, and where the
benefits And costs were.
- Comment that we understand how to get HTTP to scale widely
- Will decide on the list whether to make it a WG document
4) New Topics
- Using RPKI secured data for existing routing policy tools
- Question as to whether this approach helps, or opens further
security holes?
- The observation is that the semantics of a route object is a
set of assertions of by an AS holder about the complete set
of prefixes that the AS in question may originate, while the
semantics of a ROA is a prefix holder's authority for an AS
to originate that prefix. Synthesising a route object from a
ROA makes an inappropriate assumption that the semantics of
the two objects are equivalent.
- Comment that this is less bad than what we do today
- Comment that this proposal would benefit from an analysis of
known issues with this approach and whether there are
potential methods of mitigation