| < draft-ietf-sidr-rpsl-sig-04.txt | draft-ietf-sidr-rpsl-sig-05.txt > | |||
|---|---|---|---|---|
| SIDR R. Kisteleki | SIDR R. Kisteleki | |||
| Internet-Draft RIPE NCC | Internet-Draft RIPE NCC | |||
| Intended status: Standards Track B. Haberman | Intended status: Standards Track B. Haberman | |||
| Expires: October 8, 2012 JHU APL | Expires: November 11, 2012 JHU APL | |||
| April 6, 2012 | May 10, 2012 | |||
| Securing RPSL Objects with RPKI Signatures | Securing RPSL Objects with RPKI Signatures | |||
| draft-ietf-sidr-rpsl-sig-04.txt | draft-ietf-sidr-rpsl-sig-05.txt | |||
| Abstract | Abstract | |||
| This document describes a method to allow parties to electronically | This document describes a method to allow parties to electronically | |||
| sign RPSL-like objects and validate such electronic signatures. This | sign RPSL-like objects and validate such electronic signatures. This | |||
| allows relying parties to detect accidental or malicious | allows relying parties to detect accidental or malicious | |||
| modifications on such objects. It also allows parties who run | modifications on such objects. It also allows parties who run | |||
| Internet Routing Registries or similar databases, but do not yet have | Internet Routing Registries or similar databases, but do not yet have | |||
| RPSS-like authentication of the maintainers of certain objects, to | RPSS-like authentication of the maintainers of certain objects, to | |||
| verify that the additions or modifications of such database objects | verify that the additions or modifications of such database objects | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 8, 2012. | This Internet-Draft will expire on November 11, 2012. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 4, line 48 ¶ | skipping to change at page 4, line 48 ¶ | |||
| the decimal representation of an unsigned integer. | the decimal representation of an unsigned integer. | |||
| 5. The signed attributes (field "a"). This is a list of attribute | 5. The signed attributes (field "a"). This is a list of attribute | |||
| names, separated by an ASCII "+" character (if more than one | names, separated by an ASCII "+" character (if more than one | |||
| attribute is enumerated). The list must include any attribute at | attribute is enumerated). The list must include any attribute at | |||
| most once. | most once. | |||
| 6. The signature itself (field "b"). This MUST be the last field in | 6. The signature itself (field "b"). This MUST be the last field in | |||
| the list. The signature is the output of the signature algorithm | the list. The signature is the output of the signature algorithm | |||
| using the appropriate private key and the calculated hash value | using the appropriate private key and the calculated hash value | |||
| of the object as inputs. The value of this field is the base64 | of the object as inputs. The value of this field is the digital | |||
| encoded representation of the signature. | signature in base64 encoding [RFC4648]. | |||
| Optional fields of the "signature" attribute: | Optional fields of the "signature" attribute: | |||
| 1. Signature expiration time (field "x"). The format of the value | 1. Signature expiration time (field "x"). The format of the value | |||
| of this field is the number of seconds since Unix EPOCH (00:00:00 | of this field is the number of seconds since Unix EPOCH (00:00:00 | |||
| on January 1, 1970 in the UTC time zone). The value is expressed | on January 1, 1970 in the UTC time zone). The value is expressed | |||
| as the decimal representation of an unsigned integer. | as the decimal representation of an unsigned integer. | |||
| 2. Reference(s) to other party's certificate(s) (field "o"). If | 2. Reference(s) to other party's certificate(s) (field "o"). If | |||
| such certificates are mentioned (referred to) in any signature, | such certificates are mentioned (referred to) in any signature, | |||
| skipping to change at page 12, line 13 ¶ | skipping to change at page 12, line 13 ¶ | |||
| security considerations in [RFC3779] apply here as well. | security considerations in [RFC3779] apply here as well. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| [Note to IANA, to be removed prior to publication: there are no IANA | [Note to IANA, to be removed prior to publication: there are no IANA | |||
| considerations stated in this version of the document.] | considerations stated in this version of the document.] | |||
| 8. Acknowledgements | 8. Acknowledgements | |||
| The authors would like to acknowledge the valued contributions from | The authors would like to acknowledge the valued contributions from | |||
| Jos Boumans and Steve Kent in preparation of this document. | Jos Boumans, Steve Kent, and Sean Turner in preparation of this | |||
| document. | ||||
| 9. Normative References | 9. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP | [RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP | |||
| Addresses and AS Identifiers", RFC 3779, June 2004. | Addresses and AS Identifiers", RFC 3779, June 2004. | |||
| [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing | [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing | |||
| (CIDR): The Internet Address Assignment and Aggregation | (CIDR): The Internet Address Assignment and Aggregation | |||
| Plan", BCP 122, RFC 4632, August 2006. | Plan", BCP 122, RFC 4632, August 2006. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | ||||
| Encodings", RFC 4648, October 2006. | ||||
| [RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, | [RFC4871] Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, | |||
| J., and M. Thomas, "DomainKeys Identified Mail (DKIM) | J., and M. Thomas, "DomainKeys Identified Mail (DKIM) | |||
| Signatures", RFC 4871, May 2007. | Signatures", RFC 4871, May 2007. | |||
| [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of | [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of | |||
| Autonomous System (AS) Numbers", RFC 5396, December 2008. | Autonomous System (AS) Numbers", RFC 5396, December 2008. | |||
| [RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network | [RFC5905] Mills, D., Martin, J., Burbank, J., and W. Kasch, "Network | |||
| Time Protocol Version 4: Protocol and Algorithms | Time Protocol Version 4: Protocol and Algorithms | |||
| Specification", RFC 5905, June 2010. | Specification", RFC 5905, June 2010. | |||
| End of changes. 6 change blocks. | ||||
| 7 lines changed or deleted | 11 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||