< draft-ietf-sidr-rpsl-sig-04.txt   draft-ietf-sidr-rpsl-sig-05.txt >
SIDR R. Kisteleki SIDR R. Kisteleki
Internet-Draft RIPE NCC Internet-Draft RIPE NCC
Intended status: Standards Track B. Haberman Intended status: Standards Track B. Haberman
Expires: October 8, 2012 JHU APL Expires: November 11, 2012 JHU APL
April 6, 2012 May 10, 2012
Securing RPSL Objects with RPKI Signatures Securing RPSL Objects with RPKI Signatures
draft-ietf-sidr-rpsl-sig-04.txt draft-ietf-sidr-rpsl-sig-05.txt
Abstract Abstract
This document describes a method to allow parties to electronically This document describes a method to allow parties to electronically
sign RPSL-like objects and validate such electronic signatures. This sign RPSL-like objects and validate such electronic signatures. This
allows relying parties to detect accidental or malicious allows relying parties to detect accidental or malicious
modifications on such objects. It also allows parties who run modifications on such objects. It also allows parties who run
Internet Routing Registries or similar databases, but do not yet have Internet Routing Registries or similar databases, but do not yet have
RPSS-like authentication of the maintainers of certain objects, to RPSS-like authentication of the maintainers of certain objects, to
verify that the additions or modifications of such database objects verify that the additions or modifications of such database objects
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 8, 2012. This Internet-Draft will expire on November 11, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 48 skipping to change at page 4, line 48
the decimal representation of an unsigned integer. the decimal representation of an unsigned integer.
5. The signed attributes (field "a"). This is a list of attribute 5. The signed attributes (field "a"). This is a list of attribute
names, separated by an ASCII "+" character (if more than one names, separated by an ASCII "+" character (if more than one
attribute is enumerated). The list must include any attribute at attribute is enumerated). The list must include any attribute at
most once. most once.
6. The signature itself (field "b"). This MUST be the last field in 6. The signature itself (field "b"). This MUST be the last field in
the list. The signature is the output of the signature algorithm the list. The signature is the output of the signature algorithm
using the appropriate private key and the calculated hash value using the appropriate private key and the calculated hash value
of the object as inputs. The value of this field is the base64 of the object as inputs. The value of this field is the digital
encoded representation of the signature. signature in base64 encoding [RFC4648].
Optional fields of the "signature" attribute: Optional fields of the "signature" attribute:
1. Signature expiration time (field "x"). The format of the value 1. Signature expiration time (field "x"). The format of the value
of this field is the number of seconds since Unix EPOCH (00:00:00 of this field is the number of seconds since Unix EPOCH (00:00:00
on January 1, 1970 in the UTC time zone). The value is expressed on January 1, 1970 in the UTC time zone). The value is expressed
as the decimal representation of an unsigned integer. as the decimal representation of an unsigned integer.
2. Reference(s) to other party's certificate(s) (field "o"). If 2. Reference(s) to other party's certificate(s) (field "o"). If
such certificates are mentioned (referred to) in any signature, such certificates are mentioned (referred to) in any signature,
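Review bot: the new "[RFC4648]" citation in item 6 (field "b") still leaves the encoding underspecified, because RFC 4648 defines more than one base64 alphabet (the standard one and the URL- and filename-safe one) and leaves it to the referring specification to say whether padding is used and whether line breaks may be inserted; since a verifier must reproduce exactly the octets the signer emitted, the text should pin these down, e.g. "The value of this field is the digital signature in base64 encoding [RFC4648], using the standard alphabet with padding; line breaks or other whitespace MUST NOT be inserted." Separately, item 5 (field "a") says the list "must include any attribute at most once" in lowercase, while item 6 uses the RFC 2119 form "MUST be the last field"; if the at-most-once rule is a conformance requirement that verifiers should reject on, it should use the capitalized keyword like the surrounding text.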
skipping to change at page 12, line 13 skipping to change at page 12, line 13
security considerations in [RFC3779] apply here as well. security considerations in [RFC3779] apply here as well.
7. IANA Considerations 7. IANA Considerations
[Note to IANA, to be removed prior to publication: there are no IANA [Note to IANA, to be removed prior to publication: there are no IANA
considerations stated in this version of the document.] considerations stated in this version of the document.]
8. Acknowledgements 8. Acknowledgements
The authors would like to acknowledge the valued contributions from The authors would like to acknowledge the valued contributions from
Jos Boumans and Steve Kent in preparation of this document. Jos Boumans, Steve Kent, and Sean Turner in preparation of this
document.
9. Normative References 9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP [RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP
Addresses and AS Identifiers", RFC 3779, June 2004. Addresses and AS Identifiers", RFC 3779, June 2004.
[RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing
(CIDR): The Internet Address Assignment and Aggregation (CIDR): The Internet Address Assignment and Aggregation
Plan", BCP 122, RFC 4632, August 2006. Plan", BCP 122, RFC 4632, August 2006.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006.
[RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, [RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton,
J., and M. Thomas, "DomainKeys Identified Mail (DKIM) J., and M. Thomas, "DomainKeys Identified Mail (DKIM)
Signatures", RFC 4871, May 2007. Signatures", RFC 4871, May 2007.
[RFC5396] Huston, G. and G. Michaelson, "Textual Representation of [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of
Autonomous System (AS) Numbers", RFC 5396, December 2008. Autonomous System (AS) Numbers", RFC 5396, December 2008.
[RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network [RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network
Time Protocol Version 4: Protocol and Algorithms Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, June 2010. Specification", RFC 5905, June 2010.
 End of changes. 6 change blocks. 
7 lines changed or deleted 11 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/