| < draft-ietf-lsvr-l3dl-signing-00.txt | draft-ietf-lsvr-l3dl-signing-01.txt > | |||
|---|---|---|---|---|
| Network Working Group R. Bush | Network Working Group R. Bush | |||
| Internet-Draft Arrcus & IIJ | Internet-Draft Arrcus & IIJ | |||
| Intended status: Standards Track R. Austein | Intended status: Standards Track R. Austein | |||
| Expires: November 27, 2020 Arrcus | Expires: July 30, 2021 Arrcus | |||
| May 26, 2020 | January 26, 2021 | |||
| Layer 3 Discovery and Liveness Signing | Layer 3 Discovery and Liveness Signing | |||
| draft-ietf-lsvr-l3dl-signing-00 | draft-ietf-lsvr-l3dl-signing-01 | |||
| Abstract | Abstract | |||
| The Layer 3 Discovery and Liveness protocol OPEN PDU may contain a | The Layer 3 Discovery and Liveness protocol OPEN PDU may contain a | |||
| key and a certificate, which can be used to verify signatures on | key and a certificate, which can be used to verify signatures on | |||
| subsequent PDUs. This document describes two mechanisms based on | subsequent PDUs. This document describes two mechanisms based on | |||
| digital signatures, one that is Trust On First Use (TOFU), and one | digital signatures, one that is Trust On First Use (TOFU), and one | |||
| that uses certificates to provide authentication as well as session | that uses certificates to provide authentication as well as session | |||
| integrity. | integrity. | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 27, 2020. | This Internet-Draft will expire on July 30, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 46 ¶ | skipping to change at page 2, line 46 ¶ | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 1. Introduction | 1. Introduction | |||
| This draft is being published without incorporating changes from an | This draft is being published without incorporating changes from an | |||
| excellent security review. This is being done so a couple of other | excellent security review. This is being done so a couple of other | |||
| drafts can reference it. While all comments will, of course, be | drafts can reference it. While all comments will, of course, be | |||
| appreciated, readers may want to wait for the -01 version. | appreciated, readers may want to wait for the -01 version. | |||
| The Layer 3 Discovery and Liveness protocol [I-D.ietf-lsvr-l3dl] OPEN | The Layer 3 Discovery and Liveness protocol [I-D.ietf-lsvr-l3dl] OPEN | |||
| PDU contains an algorithm specifier, a key, and a certificate, which | PDU contains an algorithm identifier, a key, and a certificate, which | |||
| can be used to verify signatures on subsequent PDUs. This document | can be used to verify signatures on subsequent PDUs. This document | |||
| describes two methods of key generation and signing for use by L3DL, | describes two methods of key generation and signing for use by L3DL, | |||
| Trust On First Use (TOFU) and a PKI-based mechanism to provide | Trust On First Use (TOFU) and a PKI-based mechanism to provide | |||
| authentication as well as session integrity. | authentication as well as session integrity. | |||
| The Key in the OPEN PDU SHOULD be the public key of an asymmetric key | The Key in the OPEN PDU SHOULD be the public key of an asymmetric key | |||
| pair. The sender signs with the private key, of course. The device | pair. The sender signs with the private key, of course. The device | |||
| sending the OPEN may use one key for all links, a different key for | sending the OPEN may use one key for all links, a different key for | |||
| each link, or some aggregation(s) thereof. | each link, or some mix(s) thereof. | |||
| In the TOFU method the OPEN key is generated on the sending device, | In the TOFU method the key sent in the OPEN PDU is generated on the | |||
| believed without question by the receiver, and used to verify all | sending device, is believed without question by the receiver, and | |||
| subsequent PDUs from the same sender with the same Key Type. | used to verify all subsequent PDUs from the same sender with the same | |||
| Key Algorithm. | ||||
| With the PKI-mechanism, an enrollment step is performed. The public | With the PKI-mechanism, an enrollment step is performed. The public | |||
| key is put into a certificate [RFC5280], which is signed by the the | key is put into a certificate [RFC5280], which is signed by the the | |||
| operational environment's trust anchor. In this way, the relying | operational environment's trust anchor. In this way, the relying | |||
| party can be confident that the public key is under control of the | party can be confident that the public key is under control of the | |||
| identified L3DL protocol entity. | identified L3DL protocol entity. | |||
| To the receiver verifying signatures on PDUs, the two methods are | To the receiver verifying signatures on PDUs, the two methods are | |||
| indistinguishable; the key provided in the OPEN PDU is used to verify | indistinguishable; the key provided in the OPEN PDU is used to verify | |||
| the signatures of subsequent PDUs. The difference that PKI-based | the signatures of subsequent PDUs. The difference that PKI-based | |||
| keys may be verified against the trust anchor when the OPEN PDU is | keys may be verified against the trust anchor when the OPEN PDU is | |||
| received. | received. | |||
| In the PKI method the OPEN key MUST be verified against the trust | In the PKI method the OPEN key MUST be verified against the trust | |||
| anchor for the operational domain. It is then used to verify all | anchor for the operational domain. The OPEN key is then used to | |||
| subsequent PDUs in the session. | verify all subsequent PDUs in the session. | |||
| 2. Trust On First Use Method | 2. Trust On First Use Method | |||
| There are three parts to using a key: signing PDUs, verifying the | There are three parts to using a key: signing PDUs, verifying the | |||
| OPEN PDU, and verifying subsequent PDUs. | OPEN PDU, and verifying subsequent PDUs. | |||
| 2.1. Signing a PDU | 2.1. Signing a PDU | |||
| All signed PDUs are generated in the same way: | All signed PDUs are generated in the same way: | |||
| o Compose the PDU, with all fields including "Sig Type" and | o Compose the PDU, with all fields including "Sig Algo" and | |||
| "Signature Length" set, but omitting the trailing "Signature" | "Signature Length" set, but omitting the trailing "Signature" | |||
| field itself. The Certificate Length should be zero and the | field itself. The Certificate Length should be zero and the | |||
| Certificate field should be empty. This is the "message to be | Certificate field should be empty. This is the "message to be | |||
| signed" for purposes of the signature algorithm. | signed" for purposes of the signature algorithm. | |||
| o Generate the signature as specified for the chosen signature | o Generate the signature as specified for the chosen signature | |||
| suite, using the private member of the asymmetric key pair. In | suite, using the private member of the asymmetric key pair. In | |||
| general this will involve first hashing the "message to be signed" | general this will involve first hashing the "message to be signed" | |||
| then signing the hash, but the precise details may vary with the | then signing the hash, but the precise details may vary with the | |||
| specific algorithm. The result will be a sequence of octets, the | specific algorithm. The result will be a sequence of octets, the | |||
| skipping to change at page 6, line 22 ¶ | skipping to change at page 6, line 22 ¶ | |||
| combinations for Key and Certificate are probably: | combinations for Key and Certificate are probably: | |||
| o Not signing: sender need not sign, receiver does not check. | o Not signing: sender need not sign, receiver does not check. | |||
| o Require TOFU: sender MUST supply key and receiver MUST check, | o Require TOFU: sender MUST supply key and receiver MUST check, | |||
| certificate not needed and ignored if sent. | certificate not needed and ignored if sent. | |||
| o Allow TOFU: sender must supply key and receiver MUST check, | o Allow TOFU: sender must supply key and receiver MUST check, | |||
| receiver SHOULD check certificate if supplyed by sender. | receiver SHOULD check certificate if supplyed by sender. | |||
| o Require PKI: sender must supply key and certificate, receiver must | o Require PKI: sender MUST supply key and certificate, receiver MUST | |||
| check both. | check both. | |||
| 5. NEWKEY, Key Roll | 5. NEWKEY, Key Roll | |||
| Modern key management allows for agility in 'rolling' to a new key or | Modern key management allows for agility in 'rolling' to a new key or | |||
| even algorithm in case of key expiry, key compromise, or merely | even algorithm in case of key expiry, key compromise, or merely | |||
| prudence. Declaring a new key with an L3DL OPEN PDU would cause | prudence. Declaring a new key with an L3DL OPEN PDU would cause | |||
| serious churn in topology as a new OPEN may cause a withdraw of | serious churn in topology as a new OPEN may cause a withdraw of | |||
| previously announced encapsulations. Therefore, a gentler rekeying | previously announced encapsulations. Therefore, a gentler rekeying | |||
| is needed. | is needed. | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Type = 8 | Payload Length | New Key Type | | | Type = 8 | Payload Length | New Key Algor | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | New Key Length | New Key ... | | | New Key Length | New Key ... | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | New Cert Length | | | | New Cert Length | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | New Certificate ... | | | New Certificate ... | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Old Sig Type | Old Signature Length | | | | Old Sig Type | Old Signature Length | | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | |||
| | Old Signature ... | | | Old Signature ... | | |||
| skipping to change at page 8, line 18 ¶ | skipping to change at page 8, line 18 ¶ | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This document requests the IANA create a new entry in the L3DL PDU | This document requests the IANA create a new entry in the L3DL PDU | |||
| Type registry as follows: | Type registry as follows: | |||
| PDU | PDU | |||
| Code PDU Name | Code PDU Name | |||
| ---- ------------------- | ---- ------------------- | |||
| 8 NEWKEY | 8 NEWKEY | |||
| This document requests the IANA add a registry entry for "TOFU - | This document requests the IANA add registry entries for "TOFU - | |||
| Trust On First Use" to the L3DL-Signature-Type registry as follows: | Trust On First Use" and "PKI" to the L3DL-Signature-Type registry as | |||
| follows: | ||||
| Number Name | Number Name | |||
| ------ ------------------- | ------ ------------------- | |||
| 1 TOFU - Trust On First Use | 1 TOFU - Trust On First Use | |||
| 2 PKI | 2 PKI | |||
| 8. Acknowledgments | 8. Acknowledgments | |||
| The authors than Russ Housley for advice and review. | The authors thank Russ Housley for advice and reviews. | |||
| 9. Normative References | 9. Normative References | |||
| [I-D.ietf-lsvr-l3dl] | [I-D.ietf-lsvr-l3dl] | |||
| Bush, R., Austein, R., and K. Patel, "Layer 3 Discovery | Bush, R., Austein, R., and K. Patel, "Layer 3 Discovery | |||
| and Liveness", draft-ietf-lsvr-l3dl-04 (work in progress), | and Liveness", draft-ietf-lsvr-l3dl-06 (work in progress), | |||
| May 2020. | July 2020. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
| Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | |||
| End of changes. 14 change blocks. | ||||
| 20 lines changed or deleted | 22 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||