< draft-ietf-sidrops-rpki-has-no-identity-00.txt   draft-ietf-sidrops-rpki-has-no-identity-01.txt >
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Arrcus & Internet Initiative Japan Internet-Draft Arrcus & Internet Initiative Japan
Intended status: Standards Track R. Housley Intended status: Standards Track R. Housley
Expires: November 5, 2021 Vigil Security Expires: 9 February 2022 Vigil Security
May 4, 2021 8 August 2021
The I in RPKI does not stand for Identity The I in RPKI does not stand for Identity
draft-ietf-sidrops-rpki-has-no-identity-00 draft-ietf-sidrops-rpki-has-no-identity-01
Abstract Abstract
There is a false notion that Internet Number Resources (INRs) in the There is a false notion that Internet Number Resources (INRs) in the
RPKI can be associated with the real world identity of the 'owner' of RPKI can be associated with the real world identity of the 'owner' of
an INR. This document attempts to put that notion to rest. an INR. This document attempts to put that notion to rest.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 5, 2021. This Internet-Draft will expire on 9 February 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (https://trustee.ietf.org/
(https://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . 3 2. The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . 3
3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
7.1. Normative References . . . . . . . . . . . . . . . . . . 5 7.1. Normative References . . . . . . . . . . . . . . . . . . 5
7.2. Informative References . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
The Resource Public Key Infrastructure (RPKI), see [RFC6480], The Resource Public Key Infrastructure (RPKI), see [RFC6480],
"represents the allocation hierarchy of IP address space and "represents the allocation hierarchy of IP address space and
Autonomous System (AS) numbers." Though since, it has grown to Autonomous System (AS) numbers." Though since, it has grown to
include other similar resource and routing data, e.g. Router Keying include other similar resource and routing data, e.g. Router Keying
for BGPsec, [RFC8635]. for BGPsec, [RFC8635].
In security terms the phrase "Public Key" implies there are also In security terms the phrase "Public Key" implies there are also
private keys, a la [RFC5280]. And, as the RPKI has strong authority private keys, a la [RFC5280]. And, as the RPKI has strong authority
over ownership of Internet Number Resources (INRs), there is a desire over ownership of Internet Number Resources (INRs), there is a desire
to use the private keys to sign arbitrary documents to attest that to use the private keys to sign arbitrary documents to attest that
the 'owner' of those resources has attested to the authenticity of the 'owner' of those resources has attested to the authenticity of
those documents. Instead, it is an authorization to speak for the those documents. But in reality, it is an authorization to speak for
named IP address blocks and AS numbers themselves, not their the named IP address blocks and AS numbers themselves, not their
unidentifiable owners. unidentifiable owners.
There is a desire is to authenticate real world business transactions It has been suggested that one could authenticate real world business
with the signatures of INR holders. E.g. for Bill's Bait and Sushi transactions with the signatures of INR holders. E.g. Bill's Bait
to use their AS in the RPKI to sign a Letter of Authorization (LOA) and Sushi could use their AS in the RPKI to sign a Letter of
for some other party to rack and stack hardware owned by BB&S. Authorization (LOA) for some other party to rack and stack hardware
Unfortunately, this is not formally feasible. owned by BB&S. Unfortunately, this is not formally feasible.
The I in RPKI actually stands for "Infrastructure," as in Resource The I in RPKI actually stands for "Infrastructure," as in Resource
Public Key Infrastructure, not for "Identity". In fact, the RPKI Public Key Infrastructure, not for "Identity". In fact, the RPKI
does not provide any association between INRs and the real world does not provide any association between INRs and the real world
holder(s) of those INRs. The RPKI provides authorization to speak holder(s) of those INRs. The RPKI provides authorization to speak
for the named IP address blocks and AS numbers. for the named IP address blocks and AS numbers.
2. The Bottom Line 2. The Bottom Line
The RPKI was designed and specified to sign certificates for use The RPKI was designed and specified to sign certificates for use
skipping to change at page 3, line 23 skipping to change at page 3, line 27
issues, it would expose the Certification Authority (CA) to issues, it would expose the Certification Authority (CA) to
liability. liability.
That the RPKI does not authenticate real world identity is a feature That the RPKI does not authenticate real world identity is a feature
not a bug. If it tried to do so, aside from the liability, it would not a bug. If it tried to do so, aside from the liability, it would
end in a world of complexity with no proof of termination, as X.400 end in a world of complexity with no proof of termination, as X.400
learned. learned.
Registries such as the Regional Internet Resistries (RIRs) provide Registries such as the Regional Internet Resistries (RIRs) provide
INR to real world identity mapping through whois and similar INR to real world identity mapping through whois and similar
services. They claim to be authoritative, at least for for the INRs services. They claim to be authoritative, at least for the INRs
which they allocate. which they allocate.
RPKI-based credentials of INRs MUST NOT be used to authenticate real RPKI-based credentials of INRs MUST NOT be used to authenticate real
world documents or transactions without some formal external world documents or transactions without some formal external
authentication of the INR and the authority for the actually authentication of the INR and the authority for the actually
anonymous INR holder to authenticate the particular document or anonymous INR holder to authenticate the particular document or
transaction. transaction.
Note that, if there is sufficient external, i.e. non-RPKI,
verifcation of authority, then use of RPKI-based credentials seems
superfluous.
3. Discussion 3. Discussion
The RPKI base document, [RFC6480], Section 2.1 says explicitly "An
important property of this PKI is that certificates do not attest to
the identity of the subject."
The Template for a Certification Practice Statement (CPS) for the
Resource PKI (RPKI) [RFC7382] Section 3.1, Naming, makes very clear
that "The Subject name in each certificate SHOULD NOT be meaningful;"
and goes on to do so at some length.
Normally, the INR holder does not hold the private key attesting to Normally, the INR holder does not hold the private key attesting to
their resources; the Certification Authority (CA) does. The INR their resources; the Certification Authority (CA) does. The INR
holder has a real world business relationship with the CA for which holder has a real world business relationship with the CA for which
they have likely signed real world documents. they have likely signed real world documents.
As the INR owner does not have the keying material, they rely on the As the INR owner does not have the keying material, they rely on the
CA, to which they presumably must present credentials, to manipulate CA, to which they presumably present credentials, to manipulate their
their INRs. These credentials may be userid/password (with two INRs. These credentials may be userid/password (with two factor
factor authentication one hopes), a hardware token, client browser authentication one hopes), a hardware token, client browser
certificates, etc. certificates, etc.
Hence schemes such as [I-D.ietf-sidrops-rpki-rta] and Hence schemes such as [I-D.ietf-sidrops-rpki-rta] and
[I-D.ietf-sidrops-rpki-rsc] must go to great lengths to extract the [I-D.ietf-sidrops-rpki-rsc] must go to great lengths to extract the
supposedly relevant keys from the CA. supposedly relevant keys from the CA.
For some particular INR, say Bill's Bait and Sushi's Autonomous For some particular INR, say Bill's Bait and Sushi's Autonomous
System (AS) number, someone out on the net probably has the System (AS) number, someone out on the net probably has the
credentials to the CA account in which BB&S's INRs are registered. credentials to the CA account in which BB&S's INRs are registered.
That could be the owner of BB&S, Roberto's Taco Stand, an IT vendor, That could be the owner of BB&S, Roberto's Taco Stand, an IT vendor,
or the Government of Elbonia. One simply can not know. or the Government of Elbonia. One simply can not know.
In large operations, INR management is often compartmentalized with In large organizations, INR management is often compartmentalized
no authority over anything beyond dealing with INR registration. The with no authority over anything beyond dealing with INR registration.
INR manager for Bill's Bait and Sushi is unlikely to be authorized to The INR manager for Bill's Bait and Sushi is unlikely to be
conduct bank transactions for BB&S, or even to authorize access to authorized to conduct bank transactions for BB&S, or even to
BB&S's servers in some colocation facility. authorize access to BB&S's servers in some colocation facility.
Then there is the temporal issue. The owner of that AS may be BB&S Then there is the temporal issue. The owner of that AS may be BB&S
today when some document was signed, and could be the Government of today when some document was signed, and could be the Government of
Elbonia tomorrow. Or the resource could have been administratively Elbonia tomorrow. Or the resource could have been administratively
moved from one CA to another, likely requiring a change of keys. If moved from one CA to another, likely requiring a change of keys. If
so, how does one determine if the signature on the real world so, how does one determine if the signature on the real world
document is still valid? document is still valid?
While Ghostbuster Records [RFC6493] may seem to identify real world While Ghostbuster Records [RFC6493] may seem to identify real world
entities, their semantic content is completely arbitrary, and does entities, their semantic content is completely arbitrary, and does
not attest to INR ownership. They are merely clues for operational not attest to INR ownership. They are merely clues for operational
support contact in case of technical RPKI problems. support contact in case of technical RPKI problems.
Usually, before registering INRs, CAs require proof of INR ownership Usually, before registering INRs, CAs require proof of INR ownership
via external documentation and authorities. It is somewhat droll via external documentation and authorities. It is somewhat droll
that the CPS Template, [RFC7382], does not mention any diligence the that the CPS Template, [RFC7382], does not mention any diligence the
CA must, or even might, conduct to assure the INRs are in fact owned CA must, or even might, conduct to assure the INRs are in fact owned
by a registrant. by a registrant.
Autonomous System Numbers do not identify real world entities. They Autonomous System Numbers do not identify real world entities. They
are identifiers some network operators 'own' and are only used in are identifiers some network operators 'own' and are only used for
loop detection in routing. They have no inherent semantics other loop detection in routing. They have no inherent semantics other
than uniqueness. than uniqueness.
The RPKI base document, [RFC6480], Section 2.1 says explicitly "An
important property of this PKI is that certificates do not attest to
the identity of the subject."
The Template for a Certification Practice Statement (CPS) for the
Resource PKI (RPKI) [RFC7382] Section 3.1, Naming, makes very clear
that "The Subject name in each certificate SHOULD NOT be meaningful;"
and goes on to do so at some length.
4. Security Considerations 4. Security Considerations
Attempts to use RPKI data to authenticate real world documents or Attempts to use RPKI data to authenticate real world documents or
other artifacts requiring identity are invalid and misleading. other artifacts requiring identity are invalid and misleading.
When a document is signed with the private key associated with a RPKI When a document is signed with the private key associated with a RPKI
certificate, the signer is speaking for the INRs, the IP address certificate, the signer is speaking for the INRs, the IP address
space and Autonomous System (AS) numbers, in the certificate. This space and Autonomous System (AS) numbers, in the certificate. This
is not an identity; this is an authorization. In schemes such as is not an identity; this is an authorization. In schemes such as
[I-D.ietf-sidrops-rpki-rta] and [I-D.ietf-sidrops-rpki-rsc] the [I-D.ietf-sidrops-rpki-rta] and [I-D.ietf-sidrops-rpki-rsc] the
skipping to change at page 6, line 21 skipping to change at page 6, line 31
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8635] Bush, R., Turner, S., and K. Patel, "Router Keying for [RFC8635] Bush, R., Turner, S., and K. Patel, "Router Keying for
BGPsec", RFC 8635, DOI 10.17487/RFC8635, August 2019, BGPsec", RFC 8635, DOI 10.17487/RFC8635, August 2019,
<https://www.rfc-editor.org/info/rfc8635>. <https://www.rfc-editor.org/info/rfc8635>.
7.2. Informative References 7.2. Informative References
[I-D.ietf-sidrops-rpki-rsc] [I-D.ietf-sidrops-rpki-rsc]
Snijders, J., "Resource Public Key Infrastructure (RPKI) Snijders, J., Harrison, T., and B. Maddison, "Resource
object profile for Signed Checklist (RSC)", draft-ietf- Public Key Infrastructure (RPKI) object profile for Signed
sidrops-rpki-rsc-02 (work in progress), March 2021. Checklist (RSC)", Work in Progress, Internet-Draft, draft-
ietf-sidrops-rpki-rsc-04, 31 May 2021,
<https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki-
rsc-04.txt>.
[I-D.ietf-sidrops-rpki-rta] [I-D.ietf-sidrops-rpki-rta]
Michaelson, G., Huston, G., Harrison, T., Bruijnzeels, T., Michaelson, G. G., Huston, G., Harrison, T., Bruijnzeels,
and M. Hoffmann, "A profile for Resource Tagged T., and M. Hoffmann, "A profile for Resource Tagged
Attestations (RTAs)", draft-ietf-sidrops-rpki-rta-00 (work Attestations (RTAs)", Work in Progress, Internet-Draft,
in progress), January 2021. draft-ietf-sidrops-rpki-rta-00, 21 January 2021,
<https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki-
rta-00.txt>.
[RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI) [RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI)
Ghostbusters Record", RFC 6493, DOI 10.17487/RFC6493, Ghostbusters Record", RFC 6493, DOI 10.17487/RFC6493,
February 2012, <https://www.rfc-editor.org/info/rfc6493>. February 2012, <https://www.rfc-editor.org/info/rfc6493>.
Authors' Addresses Authors' Addresses
Randy Bush Randy Bush
Arrcus & Internet Initiative Japan Arrcus & Internet Initiative Japan
5147 Crystal Springs 5147 Crystal Springs
Bainbridge Island, WA 98110 Bainbridge Island, WA 98110
US United States of America
Email: randy@psg.com Email: randy@psg.com
Russ Housley Russ Housley
Vigil Security, LLC Vigil Security, LLC
516 Dranesville Road 516 Dranesville Road
Herndon, VA 20170 Herndon, VA, 20170
US United States of America
Email: housley@vigilsec.com Email: housley@vigilsec.com
 End of changes. 20 change blocks. 
52 lines changed or deleted 58 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/