| < draft-ietf-sidr-bgpsec-algs-10.txt | draft-ietf-sidr-bgpsec-algs-11.txt > | |||
|---|---|---|---|---|
| Secure Inter-Domain Routing Working Group S. Turner | Secure Inter-Domain Routing Working Group S. Turner | |||
| Internet-Draft IECA, Inc. | Internet-Draft IECA, Inc. | |||
| Updates: 6485 (if approved) July 20, 2015 | Updates: 6485bis (if approved) August 6, 2015 | |||
| Intended status: BCP | Intended status: BCP | |||
| Expires: January 21, 2016 | Expires: February 7, 2016 | |||
| BGPsec Algorithms, Key Formats, & Signature Formats | BGPsec Algorithms, Key Formats, & Signature Formats | |||
| draft-ietf-sidr-bgpsec-algs-10 | draft-ietf-sidr-bgpsec-algs-11 | |||
| Abstract | Abstract | |||
| This document specifies the algorithms, algorithms' parameters, | This document specifies the algorithms, algorithms' parameters, | |||
| asymmetric key formats, asymmetric key size and signature format used | asymmetric key formats, asymmetric key size and signature format used | |||
| in BGPsec (Border Gateway Protocol Security). This document updates | in BGPsec (Border Gateway Protocol Security). This document updates | |||
| the Profile for Algorithms and Key Sizes for use in the Resource | the Profile for Algorithms and Key Sizes for use in the Resource | |||
| Public Key Infrastructure (RFC 6485). | Public Key Infrastructure (draft-ietf-sidr-rfc6485bis). | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| skipping to change at page 2, line 27 ¶ | skipping to change at page 2, line 27 ¶ | |||
| certificates [ID.sidr-bgpsec-pki-profiles], generating BGPsec Update | certificates [ID.sidr-bgpsec-pki-profiles], generating BGPsec Update | |||
| messages [ID.sidr-bgpsec-protocol], and verifying BGPsec Update | messages [ID.sidr-bgpsec-protocol], and verifying BGPsec Update | |||
| messages [ID.sidr-bgpsec-protocol]. | messages [ID.sidr-bgpsec-protocol]. | |||
| This document is referenced by the BGPsec specification [ID.sidr- | This document is referenced by the BGPsec specification [ID.sidr- | |||
| bgpsec-protocol] and the profile for BGPsec Router Certificates and | bgpsec-protocol] and the profile for BGPsec Router Certificates and | |||
| Certification Requests [ID.sidr-bgpsec-pki-profiles]. Familiarity | Certification Requests [ID.sidr-bgpsec-pki-profiles]. Familiarity | |||
| with these documents is assumed. Implementers are reminded, however, | with these documents is assumed. Implementers are reminded, however, | |||
| that, as noted in Section 2 of [ID.sidr-bgpsec-pki-profiles], the | that, as noted in Section 2 of [ID.sidr-bgpsec-pki-profiles], the | |||
| algorithms used to sign CA Certificates, BGPsec Router Certificates, | algorithms used to sign CA Certificates, BGPsec Router Certificates, | |||
| and CRLs are found in [RFC6485]. | and CRLs are found in [ID.sidr-rfc6485bis]. | |||
| This document updates [RFC6485] to add support for a) a different | This document updates [ID.sidr-rfc6485bis] to add support for a) a | |||
| algorithm for BGPsec certificate requests, which are only issued by | different algorithm for BGPsec certificate requests, which are only | |||
| BGPsec speakers; b) a different Subject Public Key Info format for | issued by BGPsec speakers; b) a different Subject Public Key Info | |||
| BGPsec certificates, which is needed for the specified BGPsec | format for BGPsec certificates, which is needed for the specified | |||
| signature algorithm; and, c) a different signature format for BGPsec | BGPsec signature algorithm; and, c) a different signature format for | |||
| signatures, which is needed for the specified BGPsec signature | BGPsec signatures, which is needed for the specified BGPsec signature | |||
| algorithm. The BGPsec certificate are differentiated from other RPKI | algorithm. The BGPsec certificate are differentiated from other RPKI | |||
| certificates by the use of the BGPsec Extended Key Usage defined in | certificates by the use of the BGPsec Extended Key Usage defined in | |||
| [ID.sidr-bgpsec-pki-profiles]. | [ID.sidr-bgpsec-pki-profiles]. | |||
| 1.1. Terminology | 1.1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| [RFC2119]. | [RFC2119]. | |||
| 2. Algorithms | 2. Algorithms | |||
| Four cryptographic algorithms are used to support BGPsec: | Four cryptographic algorithms are used to support BGPsec: | |||
| o The signature algorithm used when issuing BGPsec certificates and | o The signature algorithm used when issuing BGPsec certificates and | |||
| CRLs, which would revoke BGPsec certificates, MUST be as | CRLs, which would revoke BGPsec certificates, MUST be as | |||
| specified in [RFC6485]. | specified in [ID.sidr-rfc6485bis]. | |||
| o The signature algorithm used in certification requests and BGPsec | o The signature algorithm used in certification requests and BGPsec | |||
| Update messages MUST be Elliptic Curve Digital Signature | Update messages MUST be Elliptic Curve Digital Signature | |||
| Algorithm (ECDSA) [RFC6090]. | Algorithm (ECDSA) [RFC6090]. | |||
| o The hashing algorithm used when issuing certificates and CRLs | o The hashing algorithm used when issuing certificates and CRLs | |||
| MUST be as specified in [RFC6485]. | MUST be as specified in [ID.sidr-rfc6485bis]. | |||
| o The hashing algorithm use when generating certification requests | o The hashing algorithm use when generating certification requests | |||
| and BGPsec Update messages MUST be SHA-256 [SHS]. Hash | and BGPsec Update messages MUST be SHA-256 [SHS]. Hash | |||
| algorithms are not identified by themselves in certificates, or | algorithms are not identified by themselves in certificates, or | |||
| BGPsec Update messages instead they are combined with the digital | BGPsec Update messages instead they are combined with the digital | |||
| signature algorithm (see below). | signature algorithm (see below). | |||
| NOTE: The exception to the above hashing algorithm is the use of | NOTE: The exception to the above hashing algorithm is the use of | |||
| SHA-1 [SHS] when CAs generate authority and subject key | SHA-1 [SHS] when CAs generate authority and subject key | |||
| identifiers [RFC6487]. | identifiers [RFC6487]. | |||
| To support BGPsec, the algorithms are identified as follows: | To support BGPsec, the algorithms are identified as follows: | |||
| o In certificates and CRLs, an Object Identifier (OID) is used. | o In certificates and CRLs, an Object Identifier (OID) is used. | |||
| The value and locations are as specified in section 2 of | The value and locations are as specified in section 2 of | |||
| [RFC6485]. | [ID.sidr-rfc6485bis]. | |||
| o In certification request, an OID is used. The ecdsa-with-SHA256 | o In certification request, an OID is used. The ecdsa-with-SHA256 | |||
| OID [RFC5480] MUST appear in the PKCS #10 signatureAlgorithm | OID [RFC5480] MUST appear in the PKCS #10 signatureAlgorithm | |||
| field [RFC2986] or in Certificate Request Message Format (CRMF) | field [RFC2986] or in Certificate Request Message Format (CRMF) | |||
| POPOSigningKey algoirthm field [RFC4211]. | POPOSigningKey algoirthm field [RFC4211]. | |||
| o In BGPsec Update messages, the ECDSA with SHA-256 Algorithm Suite | o In BGPsec Update messages, the ECDSA with SHA-256 Algorithm Suite | |||
| Identifier from Section 7 is included in the Signature-Block | Identifier from Section 7 is included in the Signature-Block | |||
| List's Algorithm Suite Identifier field. | List's Algorithm Suite Identifier field. | |||
| 3. Asymmetric Key Format | 3. Asymmetric Key Format | |||
| The RSA key pairs used to compute signatures on CA certificates, | The RSA key pairs used to compute signatures on CA certificates, | |||
| BGPsec Router Certificates, and CRLs are as specified in section 3 of | BGPsec Router Certificates, and CRLs are as specified in section 3 of | |||
| [RFC6485]. The remainder of this section addresses key formats found | [ID.sidr-rfc6485bis]. The remainder of this section addresses key | |||
| in the BGPsec router certificate requests and in BGPsec Router | formats found in the BGPsec router certificate requests and in BGPsec | |||
| Certificates. | Router Certificates. | |||
| The ECDSA key pairs used to compute signatures for certificate | The ECDSA key pairs used to compute signatures for certificate | |||
| requests and BGPsec Update messages MUST come from the P-256 curve | requests and BGPsec Update messages MUST come from the P-256 curve | |||
| [RFC5480]. The public key pair MUST use the uncompressed form. | [RFC5480]. The public key pair MUST use the uncompressed form. | |||
| 3.1. Public Key Format | 3.1. Public Key Format | |||
| The Subject's public key is included in subjectPublicKeyInfo | The Subject's public key is included in subjectPublicKeyInfo | |||
| [RFC5280]. It has two sub-fields: algorithm and subjectPublicKey. | [RFC5280]. It has two sub-fields: algorithm and subjectPublicKey. | |||
| The values for the structures and their sub-structures follow: | The values for the structures and their sub-structures follow: | |||
| skipping to change at page 4, line 39 ¶ | skipping to change at page 4, line 39 ¶ | |||
| certificate's subjectPublicKey field, as specified in Section 2.2 | certificate's subjectPublicKey field, as specified in Section 2.2 | |||
| of [RFC5480]. | of [RFC5480]. | |||
| 3.2. Private Key Format | 3.2. Private Key Format | |||
| Local Policy determines private key format. | Local Policy determines private key format. | |||
| 4. Signature Format | 4. Signature Format | |||
| The structure for the certificate's and CRL's signature field MUST be | The structure for the certificate's and CRL's signature field MUST be | |||
| as specified in Section 4 of [RFC6485]. The structure for the | as specified in Section 4 of [ID.sidr-rfc6485bis]. The structure for | |||
| certification request's and BGPsec Update message's signature field | the certification request's and BGPsec Update message's signature | |||
| MUST be as specified in Section 2.2.3 of [RFC3279]. | field MUST be as specified in Section 2.2.3 of [RFC3279]. | |||
| 5. Additional Requirements | 5. Additional Requirements | |||
| It is anticipated that BGPsec will require the adoption of updated | It is anticipated that BGPsec will require the adoption of updated | |||
| key sizes and a different set of signature and hash algorithms over | key sizes and a different set of signature and hash algorithms over | |||
| time, in order to maintain an acceptable level of cryptographic | time, in order to maintain an acceptable level of cryptographic | |||
| security to protect the integrity of BGPsec. This profile should be | security to protect the integrity of BGPsec. This profile should be | |||
| updated to specify such future requirements, when appropriate. | updated to specify such future requirements, when appropriate. | |||
| CAs and RPs SHOULD be capable of supporting a transition to allow for | CAs and RPs SHOULD be capable of supporting a transition to allow for | |||
| skipping to change at page 5, line 26 ¶ | skipping to change at page 5, line 26 ¶ | |||
| previously specified algorithms and keys. Accordingly, CAs and RPs | previously specified algorithms and keys. Accordingly, CAs and RPs | |||
| SHOULD be capable of supporting multiple RPKI algorithm and key | SHOULD be capable of supporting multiple RPKI algorithm and key | |||
| profiles simultaneously within the scope of such anticipated | profiles simultaneously within the scope of such anticipated | |||
| transitions. The recommended procedures to implement such a | transitions. The recommended procedures to implement such a | |||
| transition of key sizes and algorithms is not specified in this | transition of key sizes and algorithms is not specified in this | |||
| document. | document. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| The Security Considerations of [RFC3279], [RFC5480], [RFC6090], | The Security Considerations of [RFC3279], [RFC5480], [RFC6090], | |||
| [RFC6485], and [ID.sidr-bgpsec-pki-profiles] apply to certificates. | [ID.sidr-rfc6485bis], and [ID.sidr-bgpsec-pki-profiles] apply to | |||
| The security considerations of [RFC3279], [RFC6090], [RFC6485], | certificates. The security considerations of [RFC3279], [RFC6090], | |||
| [ID.sidr-bgpsec-pki-profiles] apply to certification requests. The | [ID.sidr-rfc6485bis], [ID.sidr-bgpsec-pki-profiles] apply to | |||
| security considerations of [RFC3279], [ID.sidr-bgpsec-protocol], and | certification requests. The security considerations of [RFC3279], | |||
| [RFC6090] apply to BGPsec Update messages. No new security | [ID.sidr-bgpsec-protocol], and [RFC6090] apply to BGPsec Update | |||
| considerations are introduced as a result of this specification. | messages. No new security considerations are introduced as a result | |||
| of this specification. | ||||
| 7. IANA Considerations | 7. IANA Considerations | |||
| The Internet Assigned Numbers Authority (IANA) is requested to define | The Internet Assigned Numbers Authority (IANA) is requested to define | |||
| the "BGPsec Algorithm Suite Registry" described below. | the "BGPsec Algorithm Suite Registry" described below. | |||
| An algorithm suite consists of a digest algorithm and a signature | An algorithm suite consists of a digest algorithm and a signature | |||
| algorithm. This specification creates an IANA registry of one-octet | algorithm. This specification creates an IANA registry of one-octet | |||
| BGPsec algorithm suite identifiers. Additionally, this document | BGPsec algorithm suite identifiers. Additionally, this document | |||
| registers a single algorithm suite which uses the digest algorithm | registers a single algorithm suite which uses the digest algorithm | |||
| skipping to change at page 6, line 13 ¶ | skipping to change at page 6, line 13 ¶ | |||
| +----------------------------------------------------------------+ | +----------------------------------------------------------------+ | |||
| Future assignments are to be made using either the Standards Action | Future assignments are to be made using either the Standards Action | |||
| process defined in [RFC5226], or the Early IANA Allocation process | process defined in [RFC5226], or the Early IANA Allocation process | |||
| defined in [RFC7120]. Assignments consist of a digest algorithm | defined in [RFC7120]. Assignments consist of a digest algorithm | |||
| name, signature algorithm name, and the algorithm suite identifier | name, signature algorithm name, and the algorithm suite identifier | |||
| value. | value. | |||
| 8. Acknowledgements | 8. Acknowledgements | |||
| The author wishes to thank Geoff Huston for producing [RFC6485], | The author wishes to thank Geoff Huston for producing [ID.sidr- | |||
| which this document is heavily based on. I'd also like to thank | rfc6485bis], which this document is heavily based on. I'd also like | |||
| Roque Gagliano for his review and comments. | to thank Roque Gagliano for his review and comments. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification | [RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification | |||
| Request Syntax Specification Version 1.7", RFC 2986, | Request Syntax Specification Version 1.7", RFC 2986, | |||
| skipping to change at page 7, line 5 ¶ | skipping to change at page 7, line 5 ¶ | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 5280, May 2008. | (CRL) Profile", RFC 5280, May 2008. | |||
| [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, | [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, | |||
| "Elliptic Curve Cryptography Subject Public Key | "Elliptic Curve Cryptography Subject Public Key | |||
| Information", RFC 5480, March 2009. | Information", RFC 5480, March 2009. | |||
| [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic | [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic | |||
| Curve Cryptography Algorithms", RFC 6090, February 2011. | Curve Cryptography Algorithms", RFC 6090, February 2011. | |||
| [RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for | ||||
| Use in the Resource Public Key Infrastructure (RPKI)", | ||||
| RFC 6485, February 2012. | ||||
| [RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for | [RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for | |||
| X.509 PKIX Resource Certificates", RFC 6487, February 2012. | X.509 PKIX Resource Certificates", RFC 6487, February 2012. | |||
| [RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code | [RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code | |||
| Points", BCP 100, RFC 7120, January 2014. | Points", BCP 100, RFC 7120, January 2014. | |||
| [SHS] National Institute of Standards and Technology (NIST), "FIPS | [SHS] National Institute of Standards and Technology (NIST), "FIPS | |||
| Publication 180-3: Secure Hash Standard", FIPS Publication | Publication 180-3: Secure Hash Standard", FIPS Publication | |||
| 180-3, October 2008. | 180-3, October 2008. | |||
| [ID.sidr-rfc6485bis] Huston, G., and G. Michaelson, "The Profile for | ||||
| Algorithms and Key Sizes for use in the Resource Public Key | ||||
| Infrastructure", draft-ietf-sidr-rfc6485bis, work-in- | ||||
| progress. | ||||
| [ID.sidr-bgpsec-protocol] Lepinski, M., "BGPsec Protocol | [ID.sidr-bgpsec-protocol] Lepinski, M., "BGPsec Protocol | |||
| Specification", draft-ietf-sidr-bgpsec-protocol, work-in- | Specification", draft-ietf-sidr-bgpsec-protocol, work-in- | |||
| progress. | progress. | |||
| [ID.sidr-bgpsec-pki-profiles] Reynolds, M. and S. Turner, "A Profile | [ID.sidr-bgpsec-pki-profiles] Reynolds, M. and S. Turner, "A Profile | |||
| for BGPSEC Router Certificates, Certificate Revocation | for BGPSEC Router Certificates, Certificate Revocation | |||
| Lists, and Certification Requests", draft-ietf-sidr-bgpsec- | Lists, and Certification Requests", draft-ietf-sidr-bgpsec- | |||
| pki-profiles, work-in-progress. | pki-profiles, work-in-progress. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| End of changes. 15 change blocks. | ||||
| 33 lines changed or deleted | 35 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||