< draft-ietf-opsawg-finding-geofeeds-15.txt   draft-ietf-opsawg-finding-geofeeds-16.txt >
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft IIJ & Arrcus Internet-Draft IIJ & Arrcus
Intended status: Standards Track M. Candela Intended status: Standards Track M. Candela
Expires: November 23, 2021 NTT Expires: November 26, 2021 NTT
W. Kumari W. Kumari
Google Google
R. Housley R. Housley
Vigil Security Vigil Security
May 22, 2021 May 25, 2021
Finding and Using Geofeed Data Finding and Using Geofeed Data
draft-ietf-opsawg-finding-geofeeds-15 draft-ietf-opsawg-finding-geofeeds-16
Abstract Abstract
This document specifies how to augment the Routing Policy This document specifies how to augment the Routing Policy
Specification Language inetnum: class to refer specifically to Specification Language inetnum: class to refer specifically to
geofeed data CSV files, and describes an optional scheme to use the geofeed data CSV files, and describes an optional scheme to use the
Routing Public Key Infrastructure to authenticate the geofeed data Routing Public Key Infrastructure to authenticate the geofeed data
CSV files. CSV files.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 23, 2021. This Internet-Draft will expire on November 26, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 25 skipping to change at page 2, line 25
3. inetnum: Class . . . . . . . . . . . . . . . . . . . . . . . 3 3. inetnum: Class . . . . . . . . . . . . . . . . . . . . . . . 3
4. Authenticating Geofeed Data . . . . . . . . . . . . . . . . . 5 4. Authenticating Geofeed Data . . . . . . . . . . . . . . . . . 5
5. Operational Considerations . . . . . . . . . . . . . . . . . 8 5. Operational Considerations . . . . . . . . . . . . . . . . . 8
6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . 10 10.1. Normative References . . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . 12 10.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. Example . . . . . . . . . . . . . . . . . . . . . . 13 Appendix A. Example . . . . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
Providers of Internet content and other services may wish to Providers of Internet content and other services may wish to
customize those services based on the geographic location of the user customize those services based on the geographic location of the user
of the service. This is often done using the source IP address used of the service. This is often done using the source IP address used
to contact the service. Also, infrastructure and other services to contact the service. Also, infrastructure and other services
might wish to publish the locale of their services. [RFC8805] might wish to publish the locale of their services. [RFC8805]
defines geofeed, a syntax to associate geographic locales with IP defines geofeed, a syntax to associate geographic locales with IP
skipping to change at page 3, line 39 skipping to change at page 3, line 39
Geofeed data do have privacy considerations, see Section 6; and this Geofeed data do have privacy considerations, see Section 6; and this
process makes bulk access to those data easier. process makes bulk access to those data easier.
This document also suggests an optional signature to strongly This document also suggests an optional signature to strongly
authenticate the data in the geofeed files. authenticate the data in the geofeed files.
3. inetnum: Class 3. inetnum: Class
The original RPSL specifications starting with [RIPE81], [RIPE181], The original RPSL specifications starting with [RIPE81], [RIPE181],
and a trail of subsequent documents were done by the RIPE community. and a trail of subsequent documents were done by the RIPE community.
The IETF standardized RPSL in [RFC2725] and [RFC4012]. Since then, The IETF standardized RPSL in [RFC2622] and [RFC4012]. Since then,
it has been modified and extensively enhanced in the Regional it has been modified and extensively enhanced in the Regional
Internet Registry (RIR) community, mostly by RIPE, [RIPE-DB]. Internet Registry (RIR) community, mostly by RIPE, [RIPE-DB].
Currently, change control effectively lies in the operator community. Currently, change control effectively lies in the operator community.
The Routing Policy Specification Language (RPSL), and [RFC2725] and The Routing Policy Specification Language (RPSL), and [RFC2725] and
[RFC4012] used by the Regional Internet Registries (RIRs) specifies [RFC4012] used by the Regional Internet Registries (RIRs) specifies
the inetnum: database class. Each of these objects describes an IP the inetnum: database class. Each of these objects describes an IP
address range and its attributes. The inetnum: objects form a address range and its attributes. The inetnum: objects form a
hierarchy ordered on the address space. hierarchy ordered on the address space.
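Review bot: the corrected citation in "The IETF standardized RPSL in [RFC2622] and [RFC4012]" leaves the very next paragraph still saying "The Routing Policy Specification Language (RPSL), and [RFC2725] and [RFC4012] used by the Regional Internet Registries (RIRs) specifies the inetnum: database class", so the two adjacent sentences now cite different documents for the same claim. Per the reference list below, RFC 2725 is "Routing Policy System Security", not the RPSL specification; either cite [RFC2622] in the second sentence as well, or reword it so that [RFC2725] is cited for the security extensions rather than as the language definition.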
skipping to change at page 7, line 39 skipping to change at page 7, line 39
getting the department with the Hardware Security Module (HSM) to getting the department with the Hardware Security Module (HSM) to
sign the CMS blob is left as an exercise for the implementor. On the sign the CMS blob is left as an exercise for the implementor. On the
other hand, verifying the signature requires no complexity; the other hand, verifying the signature requires no complexity; the
certificate, which can be validated in the public RPKI, has the certificate, which can be validated in the public RPKI, has the
needed public key. needed public key.
The appendix MUST be 'hidden' as a series of "#" comments at the end The appendix MUST be 'hidden' as a series of "#" comments at the end
of the geofeed file. The following is a cryptographically incorrect, of the geofeed file. The following is a cryptographically incorrect,
albeit simple example. A correct and full example is in Appendix A. albeit simple example. A correct and full example is in Appendix A.
# RPKI Signature: 192.0.2.0/24 # RPKI Signature: 192.0.2.0 - 192.0.2.255
# MIIGlwYJKoZIhvcNAQcCoIIGiDCCBoQCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ # MIIGlwYJKoZIhvcNAQcCoIIGiDCCBoQCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
# IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu # IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
... ...
# imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa # imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa
# O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk= # O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk=
# End Signature: 192.0.2.0/24 # End Signature: 192.0.2.0 - 192.0.2.255
The signature does not cover the signature lines. The signature does not cover the signature lines.
The bracketing "# RPKI Signature:" and "# End Signature:" MUST be The bracketing "# RPKI Signature:" and "# End Signature:" MUST be
present following the model as shown. Their IP address range MUST present following the model as shown. Their IP address range MUST
match that of the inetnum: URL followed to the file. match that of the inetnum: URL followed to the file.
[I-D.spaghetti-sidrops-rpki-rsc] describes and provides code for a [I-D.spaghetti-sidrops-rpki-rsc] describes and provides code for a
Cryptographic Message Syntax (CMS) profile for a general purpose Cryptographic Message Syntax (CMS) profile for a general purpose
listing of checksums (a 'checklist'), for use with the Resource listing of checksums (a 'checklist'), for use with the Resource
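Review bot: changing the bracketing lines from "192.0.2.0/24" to "192.0.2.0 - 192.0.2.255" is consistent with the requirement that "Their IP address range MUST match that of the inetnum: URL followed to the file", since an inetnum: object describes an address range rather than a prefix, and the "# End Signature:" line was updated together with the "# RPKI Signature:" line. Two points remain unstated: the text should say explicitly that the range on the "# RPKI Signature:" line and the one on the "# End Signature:" line MUST be identical, and it should say how a verifier compares the range with the inetnum: object (after parsing both endpoints, or as an exact string, including the spacing around "-"), otherwise two implementations can disagree on whether a file is correctly bracketed. Also confirm that the "correct and full example" in Appendix A, which this diff does not show, uses the same range syntax.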
skipping to change at page 11, line 5 skipping to change at page 11, line 5
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC2622] Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D.,
Meyer, D., Bates, T., Karrenberg, D., and M. Terpstra,
"Routing Policy Specification Language (RPSL)", RFC 2622,
DOI 10.17487/RFC2622, June 1999,
<https://www.rfc-editor.org/info/rfc2622>.
[RFC2725] Villamizar, C., Alaettinoglu, C., Meyer, D., and S. [RFC2725] Villamizar, C., Alaettinoglu, C., Meyer, D., and S.
Murphy, "Routing Policy System Security", RFC 2725, Murphy, "Routing Policy System Security", RFC 2725,
DOI 10.17487/RFC2725, December 1999, DOI 10.17487/RFC2725, December 1999,
<https://www.rfc-editor.org/info/rfc2725>. <https://www.rfc-editor.org/info/rfc2725>.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000, DOI 10.17487/RFC2818, May 2000,
<https://www.rfc-editor.org/info/rfc2818>. <https://www.rfc-editor.org/info/rfc2818>.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
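Review bot: the new [RFC2622] entry is placed correctly in Normative References, in numerical order between [RFC2119] and [RFC2725], and its author list, DOI and URL follow the same format as the neighbouring entries. Since Section 3 now cites [RFC2622] as the RPSL standard, normative placement is appropriate; [RFC2725] is still cited in Section 3, so it should stay in the list as well.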
 End of changes. 9 change blocks. 
8 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/