| < draft-ietf-sidr-bgpsec-rollover-05.txt | draft-ietf-sidr-bgpsec-rollover-06.txt > | |||
|---|---|---|---|---|
| Network Working Group R. Gagliano | Network Working Group R. Gagliano | |||
| Internet-Draft K. Patel | Internet-Draft B. Weis | |||
| Intended status: Standards Track B. Weis | Intended status: Standards Track Cisco Systems | |||
| Expires: September 22, 2016 Cisco Systems | Expires: April 28, 2017 K. Patel | |||
| March 21, 2016 | Arrcus, Inc. | |||
| October 25, 2016 | ||||
| BGPsec Router Certificate Rollover | BGPsec Router Certificate Rollover | |||
| draft-ietf-sidr-bgpsec-rollover-05 | draft-ietf-sidr-bgpsec-rollover-06 | |||
| Abstract | Abstract | |||
| BGPsec will need to address the impact from regular and emergency | BGPsec will need to address the impact from regular and emergency | |||
| rollover processes for the BGPsec End-Entity (EE) certificates that | rollover processes for the BGPsec End-Entity (EE) certificates that | |||
| will be performed by Certificate Authorities (CAs) participating at | will be performed by Certificate Authorities (CAs) participating at | |||
| the Resource Public Key Infrastructure (RPKI). Rollovers of BGPsec | the Resource Public Key Infrastructure (RPKI). Rollovers of BGPsec | |||
| EE certificates must be carefully managed in order to synchronize | EE certificates must be carefully managed in order to synchronize | |||
| distribution of router public keys and the usage of those pubic keys | distribution of router public keys and the usage of those pubic keys | |||
| by BGPsec routers. This document provides general recommendations | by BGPsec routers. This document provides general recommendations | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 40 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 22, 2016. | This Internet-Draft will expire on April 28, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 26 ¶ | skipping to change at page 2, line 27 ¶ | |||
| 4. BGPsec key rollover as a measure against replays attacks in | 4. BGPsec key rollover as a measure against replays attacks in | |||
| BGPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | BGPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. BGPsec Replay attack window requirement . . . . . . . . . 6 | 4.1. BGPsec Replay attack window requirement . . . . . . . . . 6 | |||
| 4.2. BGPsec key rollover as a mechanism to protect against | 4.2. BGPsec key rollover as a mechanism to protect against | |||
| replay attacks . . . . . . . . . . . . . . . . . . . . . 7 | replay attacks . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 8 | 8.2. Informative References . . . . . . . . . . . . . . . . . 9 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 1. Requirements notation | 1. Requirements notation | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| [RFC2119]. | [RFC2119]. | |||
| 2. Introduction | 2. Introduction | |||
| skipping to change at page 4, line 41 ¶ | skipping to change at page 4, line 41 ¶ | |||
| risk that the router private key may be compromised. Distributing | risk that the router private key may be compromised. Distributing | |||
| the OLD public key in a new certificate is NOT RECOMMENDED when the | the OLD public key in a new certificate is NOT RECOMMENDED when the | |||
| rollover event is due to the key has been compromised or stale | rollover event is due to the key has been compromised or stale | |||
| BGPsec_Path attribute signatures are being distributed. | BGPsec_Path attribute signatures are being distributed. | |||
| 3.1. A proposed process for BGPsec key rollover | 3.1. A proposed process for BGPsec key rollover | |||
| The BGPsec key rollover process will be dependent on the key | The BGPsec key rollover process will be dependent on the key | |||
| provisioning mechanisms that are adopted by an AS. The key | provisioning mechanisms that are adopted by an AS. The key | |||
| provisioning mechanisms for BGPsec are not yet fully documented (see | provisioning mechanisms for BGPsec are not yet fully documented (see | |||
| [I-D.ietf-sidr-rtr-keying] as a work in progress document). It is | [I-D.ietf-sidr-rtr-keying] as a work in progress document). An | |||
| assumed that an automatic provisioning mechanism such as EST will be | automatic provisioning mechanism such as EST will allow BGPsec code | |||
| in place as such a provisioning mechanism will allow BGPsec code to | to include automatic re-keying scripts with minimum development cost. | |||
| include automatic re-keying scripts with minimum development cost. | ||||
| If we work under the assumption that an automatic mechanism will | If we work under the assumption that an automatic mechanism will | |||
| exist to rollover a BGPsec certificate, a RECOMMENDED process is as | exist to rollover a BGPsec certificate, a RECOMMENDED process is as | |||
| follows. | follows. | |||
| 1. New Certificate Publication: The first step in the rollover | 1. New Certificate Publication: The first step in the rollover | |||
| mechanism is to publish the new public key in a new certificate. | mechanism is to publish the new public key in a new certificate. | |||
| In order to accomplish this goal, the new key pair and | In order to accomplish this goal, the new key pair and | |||
| certificate will need to be generated and published at the | certificate will need to be generated and published at the | |||
| appropriate RPKI repository publication point. The details of | appropriate RPKI repository publication point. The details of | |||
| skipping to change at page 8, line 16 ¶ | skipping to change at page 8, line 16 ¶ | |||
| caches for new certificate and CRL (2x propagation time). If | caches for new certificate and CRL (2x propagation time). If | |||
| provisioning is done ahead of time the minimum window size is | provisioning is done ahead of time the minimum window size is | |||
| reduced (to 1x propagation time for the CRL). However, more | reduced (to 1x propagation time for the CRL). However, more | |||
| experimentation is needed when RPKI and RPs are more massively | experimentation is needed when RPKI and RPs are more massively | |||
| deployed. | deployed. | |||
| 3. Increases dynamics and size of RPKI repository. | 3. Increases dynamics and size of RPKI repository. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| No IANA considerations | There are no IANA considerations. This section may be removed upon | |||
| publication. | ||||
| 6. Security Considerations | 6. Security Considerations | |||
| Several possible reasons can cause routers participating in BGPsec to | Several possible reasons can cause routers participating in BGPsec to | |||
| replace rollover their signing keys and/or signatures containing | replace rollover their signing keys and/or signatures containing | |||
| their current signature verification key. Some reasons are due to | their current signature verification key. Some reasons are due to | |||
| the usual key management operations reasons (e.g.,key exposure, | the usual key management operations reasons (e.g.,key exposure, | |||
| change of certificate attributes, due to policy). However BGPsec | change of certificate attributes, due to policy). However BGPsec | |||
| routers also may need to change their signing keys and associated | routers also may need to change their signing keys and associated | |||
| certificate as an anti-replay protection. | certificate as an anti-replay protection. | |||
| skipping to change at page 8, line 52 ¶ | skipping to change at page 9, line 9 ¶ | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [I-D.ietf-sidr-bgpsec-ops] | [I-D.ietf-sidr-bgpsec-ops] | |||
| Bush, R., "BGPsec Operational Considerations", draft-ietf- | Bush, R., "BGPsec Operational Considerations", draft-ietf- | |||
| sidr-bgpsec-ops-07 (work in progress), December 2015. | sidr-bgpsec-ops-10 (work in progress), June 2016. | |||
| [I-D.ietf-sidr-bgpsec-protocol] | [I-D.ietf-sidr-bgpsec-protocol] | |||
| Lepinski, M. and K. Sriram, "BGPsec Protocol | Lepinski, M. and K. Sriram, "BGPsec Protocol | |||
| Specification", draft-ietf-sidr-bgpsec-protocol-15 (work | Specification", draft-ietf-sidr-bgpsec-protocol-18 (work | |||
| in progress), March 2016. | in progress), August 2016. | |||
| [I-D.ietf-sidr-rtr-keying] | [I-D.ietf-sidr-rtr-keying] | |||
| Bush, R. and K. Patel, "Router Keying for BGPsec", draft- | Bush, R., Turner, S., and K. Patel, "Router Keying for | |||
| ietf-sidr-rtr-keying-10 (work in progress), November 2015. | BGPsec", draft-ietf-sidr-rtr-keying-12 (work in progress), | |||
| June 2016. | ||||
| [RFC6489] Huston, G., Michaelson, G., and S. Kent, "Certification | [RFC6489] Huston, G., Michaelson, G., and S. Kent, "Certification | |||
| Authority (CA) Key Rollover in the Resource Public Key | Authority (CA) Key Rollover in the Resource Public Key | |||
| Infrastructure (RPKI)", BCP 174, RFC 6489, | Infrastructure (RPKI)", BCP 174, RFC 6489, | |||
| DOI 10.17487/RFC6489, February 2012, | DOI 10.17487/RFC6489, February 2012, | |||
| <http://www.rfc-editor.org/info/rfc6489>. | <http://www.rfc-editor.org/info/rfc6489>. | |||
| [RFC6810] Bush, R. and R. Austein, "The Resource Public Key | [RFC6810] Bush, R. and R. Austein, "The Resource Public Key | |||
| Infrastructure (RPKI) to Router Protocol", RFC 6810, | Infrastructure (RPKI) to Router Protocol", RFC 6810, | |||
| DOI 10.17487/RFC6810, January 2013, | DOI 10.17487/RFC6810, January 2013, | |||
| skipping to change at page 9, line 44 ¶ | skipping to change at page 10, line 4 ¶ | |||
| Authors' Addresses | Authors' Addresses | |||
| Roque Gagliano | Roque Gagliano | |||
| Cisco Systems | Cisco Systems | |||
| Avenue des Uttins 5 | Avenue des Uttins 5 | |||
| Rolle, VD 1180 | Rolle, VD 1180 | |||
| Switzerland | Switzerland | |||
| Email: rogaglia@cisco.com | Email: rogaglia@cisco.com | |||
| Keyur Patel | ||||
| Cisco Systems | ||||
| 170 W. Tasman Drive | ||||
| San Jose, CA 95134 | ||||
| CA | ||||
| Email: keyupate@cisco.com | ||||
| Brian Weis | Brian Weis | |||
| Cisco Systems | Cisco Systems | |||
| 170 W. Tasman Drive | 170 W. Tasman Drive | |||
| San Jose, CA 95134 | San Jose, CA 95134 | |||
| CA | CA | |||
| Email: bew@cisco.com | Email: bew@cisco.com | |||
| Keyur Patel | ||||
| Arrcus, Inc. | ||||
| Email: keyur@arrcus.com | ||||
| End of changes. 11 change blocks. | ||||
| 25 lines changed or deleted | 19 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||