| draft-ietf-sidrops-rpki-has-no-identity-01.txt | draft-ietf-sidrops-rpki-has-no-identity-02.txt |
|---|---|
| Network Working Group R. Bush | Network Working Group R. Bush |
| Internet-Draft Arrcus & Internet Initiative Japan | Internet-Draft Arrcus & Internet Initiative Japan |
| Intended status: Standards Track R. Housley | Intended status: Standards Track R. Housley |
| Expires: 9 February 2022 Vigil Security | Expires: 27 March 2022 Vigil Security |
| 8 August 2021 | 23 September 2021 |
| The I in RPKI does not stand for Identity | The I in RPKI does not stand for Identity |
| draft-ietf-sidrops-rpki-has-no-identity-01 | draft-ietf-sidrops-rpki-has-no-identity-02 |
| Abstract | Abstract |
| There is a false notion that Internet Number Resources (INRs) in the | There is a false notion that Internet Number Resources (INRs) in the |
| RPKI can be associated with the real world identity of the 'owner' of | RPKI can be associated with the real world identity of the 'owner' of |
| an INR. This document attempts to put that notion to rest. | an INR. This document attempts to put that notion to rest. |
| Requirements Language | Requirements Language |
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", |
| skipping to change at page 1, line 41 | skipping to change at page 1, line 41 |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute |
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- |
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| This Internet-Draft will expire on 9 February 2022. | This Internet-Draft will expire on 27 March 2022. |
| Copyright Notice | Copyright Notice |
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the |
| document authors. All rights reserved. | document authors. All rights reserved. |
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal |
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ |
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. |
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights |
| skipping to change at page 2, line 25 | skipping to change at page 2, line 25 |
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 |
| 2. The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . 3 |
| 3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3 |
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 |
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 |
| 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 |
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 |
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 5 |
| 7.2. Informative References . . . . . . . . . . . . . . . . . 6 | 7.2. Informative References . . . . . . . . . . . . . . . . . 6 |
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 |
| 1. Introduction | 1. Introduction |
| The Resource Public Key Infrastructure (RPKI), see [RFC6480], | The Resource Public Key Infrastructure (RPKI), see [RFC6480], |
| "represents the allocation hierarchy of IP address space and | "represents the allocation hierarchy of IP address space and |
| Autonomous System (AS) numbers." Though since, it has grown to | Autonomous System (AS) numbers." Though since, it has grown to |
| include other similar resource and routing data, e.g. Router Keying | include other similar resource and routing data, e.g. Router Keying |
| for BGPsec, [RFC8635]. | for BGPsec, [RFC8635]. |
| In security terms the phrase "Public Key" implies there are also | In security terms the phrase "Public Key" implies there are also |
| skipping to change at page 5, line 5 | skipping to change at page 5, line 5 |
| entities, their semantic content is completely arbitrary, and does | entities, their semantic content is completely arbitrary, and does |
| not attest to INR ownership. They are merely clues for operational | not attest to INR ownership. They are merely clues for operational |
| support contact in case of technical RPKI problems. | support contact in case of technical RPKI problems. |
| Usually, before registering INRs, CAs require proof of INR ownership | Usually, before registering INRs, CAs require proof of INR ownership |
| via external documentation and authorities. It is somewhat droll | via external documentation and authorities. It is somewhat droll |
| that the CPS Template, [RFC7382], does not mention any diligence the | that the CPS Template, [RFC7382], does not mention any diligence the |
| CA must, or even might, conduct to assure the INRs are in fact owned | CA must, or even might, conduct to assure the INRs are in fact owned |
| by a registrant. | by a registrant. |
| | That someone can provide 'proof of possession' of the private key |
| | signing over a particular INR should not be taken to imply that they |
| | are a valid legal representative of the organization in possession of |
| | that INR. They could be just an INR administrative person. |
| Autonomous System Numbers do not identify real world entities. They | Autonomous System Numbers do not identify real world entities. They |
| are identifiers some network operators 'own' and are only used for | are identifiers some network operators 'own' and are only used for |
| loop detection in routing. They have no inherent semantics other | loop detection in routing. They have no inherent semantics other |
| than uniqueness. | than uniqueness. |
| 4. Security Considerations | 4. Security Considerations |
| Attempts to use RPKI data to authenticate real world documents or | Attempts to use RPKI data to authenticate real world documents or |
| other artifacts requiring identity are invalid and misleading. | other artifacts requiring identity are invalid and misleading. |
| skipping to change at page 5, line 41 | skipping to change at page 5, line 46 |
| anonymous INR holder to authenticate the particular document or | anonymous INR holder to authenticate the particular document or |
| transaction. | transaction. |
| 5. IANA Considerations | 5. IANA Considerations |
| This document has no IANA Considerations. | This document has no IANA Considerations. |
| 6. Acknowledgments | 6. Acknowledgments |
| The authors thank George Michaelson and Job Snijders for lively | The authors thank George Michaelson and Job Snijders for lively |
| discussion; and last but not least, Biff for the loan of Bill's Bait | discussion, Ties de Kock for useful suggestions, and last but not |
| and Sushi. | least, Biff for the loan of Bill's Bait and Sushi. |
| 7. References | 7. References |
| 7.1. Normative References | 7.1. Normative References |
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate |
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, |
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, |
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. |
| skipping to change at page 6, line 34 | skipping to change at page 6, line 39 |
| [RFC8635] Bush, R., Turner, S., and K. Patel, "Router Keying for | [RFC8635] Bush, R., Turner, S., and K. Patel, "Router Keying for |
| BGPsec", RFC 8635, DOI 10.17487/RFC8635, August 2019, | BGPsec", RFC 8635, DOI 10.17487/RFC8635, August 2019, |
| <https://www.rfc-editor.org/info/rfc8635>. | <https://www.rfc-editor.org/info/rfc8635>. |
| 7.2. Informative References | 7.2. Informative References |
| [I-D.ietf-sidrops-rpki-rsc] | [I-D.ietf-sidrops-rpki-rsc] |
| Snijders, J., Harrison, T., and B. Maddison, "Resource | Snijders, J., Harrison, T., and B. Maddison, "Resource |
| Public Key Infrastructure (RPKI) object profile for Signed | Public Key Infrastructure (RPKI) object profile for Signed |
| Checklist (RSC)", Work in Progress, Internet-Draft, draft- | Checklist (RSC)", Work in Progress, Internet-Draft, draft- |
| ietf-sidrops-rpki-rsc-04, 31 May 2021, | ietf-sidrops-rpki-rsc-05, 11 August 2021, |
| <https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki- | <https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki- |
| rsc-04.txt>. | rsc-05.txt>. |
| [I-D.ietf-sidrops-rpki-rta] | [I-D.ietf-sidrops-rpki-rta] |
| Michaelson, G. G., Huston, G., Harrison, T., Bruijnzeels, | Michaelson, G. G., Huston, G., Harrison, T., Bruijnzeels, |
| T., and M. Hoffmann, "A profile for Resource Tagged | T., and M. Hoffmann, "A profile for Resource Tagged |
| Attestations (RTAs)", Work in Progress, Internet-Draft, | Attestations (RTAs)", Work in Progress, Internet-Draft, |
| draft-ietf-sidrops-rpki-rta-00, 21 January 2021, | draft-ietf-sidrops-rpki-rta-00, 21 January 2021, |
| <https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki- | <https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki- |
| rta-00.txt>. | rta-00.txt>. |
| [RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI) | [RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI) |
| End of changes. 8 change blocks. | |
| 9 lines changed or deleted | 14 lines changed or added |
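Review bot: the paragraph added in -02 ("That someone can provide 'proof of possession' of the private key signing over a particular INR should not be taken to imply that they are a valid legal representative ...") leaves the reader to guess which signed objects it is warning about, although the Informative References already list [I-D.ietf-sidrops-rpki-rsc] and [I-D.ietf-sidrops-rpki-rta]; consider citing those in the paragraph and pointing to Section 4, which draws the same conclusion ("Attempts to use RPKI data to authenticate real world documents or other artifacts requiring identity are invalid and misleading."). The closing sentence, "They could be just an INR administrative person", also reads awkwardly; "They may simply be an administrative contact for that INR" keeps the meaning.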
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/