Securing Inter-Domain Routing (SIDR) WG Meeting

28 July 2008, 1740 - 1950

CHAIRS:

Geoff Huston, Sandy Murphy

NOTE TAKERS:

Paul Hoffman, Matt Lepinski

AGENDA:

1. Administrivia
       
       Minute taker
       Jabber Scribe
       Blue Sheets
       Agenda Bashing
   

2. Updated Drafts
       
       (a) Manifests for the Resource Public Key Infrastructure
           draft-ietf-sidr-rpki-manifests-01.txt
           Presenter: Geoff Huston
    
       (b) A Profile for X.509 PKIX Resource Certificates
           draft-huston-sidr-repos-struct-02.txt
           Presenter: George Michaelson
       
       (d) A Profile for Route Origin Authorizations (ROAs)
           draft-ietf-sidr-roa-format-03.txt
           Presenter: Matt Lepinski
       
       (e) A Protocol for Provisioning Resource Certificates
           draft-ietf-sidr-rescerts-provisioning-02.txt
           Presenter: Geoff Huston
       
   

3. New Drafts
       
       (a) Alternative RPKI Repository Retrieval Mechanism
           draft-sidr-fetch-00.txt
           Presenter: Terry Manderson

       
   

4. New Topics
       
       (a) Using RPKI secured data for existing routing policy tools
           Presenter: Ruediger Volk
   

SUMMARY:

The WG reviewed those drafts that had been updated since IETF71. Following minor revisions, the WG drafts will be Last Called on the WG mailing list.

The WG chairs confirmed a decision made on the mailing list to adopt three individual submissions as WG documents.

The WG reviewed an alternative approach for repository synchronization using HTTP, and the question of whether to adopt this document as a WG item will be put to the mailing list.

The WG reviewed a proposal to construct RPSL route objects from ROAs. There was no clear consensus from the WG to support this approach, and no further WG action was determined.

ACTIONS:

• Revise draft-ietf-sidr-rpki-manifests-01.txt and conduct a WG Last Call
• Revise draft-ietf-sidr-res-certs-10.txt and conduct a WG Last Call
• Submit draft-huston-sidr-bogons as a WG document
• Submit draft-huston-sidr-repos-struct as a WG document
• Submit draft-huston-sidr-roa-validation as a WG document
• WG poll on accepting draft-sidr-fetch-00.txt as a WG document

NOTES:

2) Updated Drafts

• Manifests for the Resource Public Key Infrastructure
  • Comment on the use of MUST for CRL in the CMS of Manifests,
  • Should be amended, as the CRL is already published in the repository and references in the Manifest.
  • Draft to be revised accordingly and WG Last Call conducted.
   
  
• A Profile for X.509 PKIX Resource Certificates
  • Draft is ready for WG Last Call.
   
  
• A Profile for Resource Certificate Repository Structure
  • Draft to be resubmitted as a WG document, then WG Last Call conducted.
   
  
• A Profile for Route Origin Authorizations (ROAs)
  • Changes from -02:
    • Added a maximum length for the ROA IP address to limit the range of possible prefixes authorized by the ROA.
  • Open issues:
    • Canonical format for IP addresses in ROAs?
      • No one indicated a need to test for ROA equivalence.
        
      • A problem was identified with the current text: If the EE cert identifies a /20 and the ROA lists two /21's there's no way to do an "exact" match.
      • Need to do a 'covered-by' operation when comparing with EE cert. This may be easier if ROA prefixes are sorted, ignoring the max length.
    • Should the ROA format permit multiple EE certs?
      • Adds a bit of additional implementation complexity.
      • Allows an entity with two different certs to advertise an aggregate that spans the two certs (see example in slides).
      • The problem that multiple signatures solves may be a rare occurrence.
      • However, if we don't include multiple signatures in the ROA format, this will be a difficult problem to fix later on.
   
  
• A Protocol for Provisioning Resource Certificates
  • Draft needs more in the Security Considerations

  3) New Drafts

  • Alternative RPKI Repository Retrieval Mechanism
    • Proposes an optional alternative to rsync that uses an IETF protocol for repository retrieval
    • Comment that we don't need more than rsync, and that this approach is not particularly efficient even though it is better than blindly getting everything.
    • This approach would require an HTTP 1.1 client to work well. Should HTTP 1.1 be a MUST?
    • Need to specify when you open a connection, and when you keep it open.
    • Question about motivation for this approach, and where the benefits And costs were.
    • Comment that we understand how to get HTTP to scale widely
    • Will decide on the list whether to make it a WG document

  4) New Topics

  • Using RPKI secured data for existing routing policy tools
    • Question as to whether this approach helps, or opens further security holes?
    • The observation is that the semantics of a route object is a set of assertions of by an AS holder about the complete set of prefixes that the AS in question may originate, while the semantics of a ROA is a prefix holder's authority for an AS to originate that prefix. Synthesising a route object from a ROA makes an inappropriate assumption that the semantics of the two objects are equivalent.
    • Comment that this is less bad than what we do today
    • Comment that this proposal would benefit from an analysis of known issues with this approach and whether there are potential methods of mitigation