< draft-ietf-sidrops-rpki-has-no-identity-01.txt   draft-ietf-sidrops-rpki-has-no-identity-02.txt >
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Arrcus & Internet Initiative Japan Internet-Draft Arrcus & Internet Initiative Japan
Intended status: Standards Track R. Housley Intended status: Standards Track R. Housley
Expires: 9 February 2022 Vigil Security Expires: 27 March 2022 Vigil Security
8 August 2021 23 September 2021
The I in RPKI does not stand for Identity The I in RPKI does not stand for Identity
draft-ietf-sidrops-rpki-has-no-identity-01 draft-ietf-sidrops-rpki-has-no-identity-02
Abstract Abstract
There is a false notion that Internet Number Resources (INRs) in the There is a false notion that Internet Number Resources (INRs) in the
RPKI can be associated with the real world identity of the 'owner' of RPKI can be associated with the real world identity of the 'owner' of
an INR. This document attempts to put that notion to rest. an INR. This document attempts to put that notion to rest.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 9 February 2022. This Internet-Draft will expire on 27 March 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 25 skipping to change at page 2, line 25
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . 3 2. The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . 3
3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
7.1. Normative References . . . . . . . . . . . . . . . . . . 5 7.1. Normative References . . . . . . . . . . . . . . . . . . 5
7.2. Informative References . . . . . . . . . . . . . . . . . 6 7.2. Informative References . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
The Resource Public Key Infrastructure (RPKI), see [RFC6480], The Resource Public Key Infrastructure (RPKI), see [RFC6480],
"represents the allocation hierarchy of IP address space and "represents the allocation hierarchy of IP address space and
Autonomous System (AS) numbers." Though since, it has grown to Autonomous System (AS) numbers." Though since, it has grown to
include other similar resource and routing data, e.g. Router Keying include other similar resource and routing data, e.g. Router Keying
for BGPsec, [RFC8635]. for BGPsec, [RFC8635].
In security terms the phrase "Public Key" implies there are also In security terms the phrase "Public Key" implies there are also
skipping to change at page 5, line 5 skipping to change at page 5, line 5
entities, their semantic content is completely arbitrary, and does entities, their semantic content is completely arbitrary, and does
not attest to INR ownership. They are merely clues for operational not attest to INR ownership. They are merely clues for operational
support contact in case of technical RPKI problems. support contact in case of technical RPKI problems.
Usually, before registering INRs, CAs require proof of INR ownership Usually, before registering INRs, CAs require proof of INR ownership
via external documentation and authorities. It is somewhat droll via external documentation and authorities. It is somewhat droll
that the CPS Template, [RFC7382], does not mention any diligence the that the CPS Template, [RFC7382], does not mention any diligence the
CA must, or even might, conduct to assure the INRs are in fact owned CA must, or even might, conduct to assure the INRs are in fact owned
by a registrant. by a registrant.
That someone can provide 'proof of possession' of the private key
signing over a particular INR should not be taken to imply that they
are a valid legal representative of the organization in possession of
that INR. They could be just an INR administrative person.
Autonomous System Numbers do not identify real world entities. They Autonomous System Numbers do not identify real world entities. They
are identifiers some network operators 'own' and are only used for are identifiers some network operators 'own' and are only used for
loop detection in routing. They have no inherent semantics other loop detection in routing. They have no inherent semantics other
than uniqueness. than uniqueness.
4. Security Considerations 4. Security Considerations
Attempts to use RPKI data to authenticate real world documents or Attempts to use RPKI data to authenticate real world documents or
other artifacts requiring identity are invalid and misleading. other artifacts requiring identity are invalid and misleading.
skipping to change at page 5, line 41 skipping to change at page 5, line 46
anonymous INR holder to authenticate the particular document or anonymous INR holder to authenticate the particular document or
transaction. transaction.
5. IANA Considerations 5. IANA Considerations
This document has no IANA Considerations. This document has no IANA Considerations.
6. Acknowledgments 6. Acknowledgments
The authors thank George Michaelson and Job Snijders for lively The authors thank George Michaelson and Job Snijders for lively
discussion; and last but not least, Biff for the loan of Bill's Bait discussion, Ties de Kock for useful suggestions, and last but not
and Sushi. least, Biff for the loan of Bill's Bait and Sushi.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 6, line 34 skipping to change at page 6, line 39
[RFC8635] Bush, R., Turner, S., and K. Patel, "Router Keying for [RFC8635] Bush, R., Turner, S., and K. Patel, "Router Keying for
BGPsec", RFC 8635, DOI 10.17487/RFC8635, August 2019, BGPsec", RFC 8635, DOI 10.17487/RFC8635, August 2019,
<https://www.rfc-editor.org/info/rfc8635>. <https://www.rfc-editor.org/info/rfc8635>.
7.2. Informative References 7.2. Informative References
[I-D.ietf-sidrops-rpki-rsc] [I-D.ietf-sidrops-rpki-rsc]
Snijders, J., Harrison, T., and B. Maddison, "Resource Snijders, J., Harrison, T., and B. Maddison, "Resource
Public Key Infrastructure (RPKI) object profile for Signed Public Key Infrastructure (RPKI) object profile for Signed
Checklist (RSC)", Work in Progress, Internet-Draft, draft- Checklist (RSC)", Work in Progress, Internet-Draft, draft-
ietf-sidrops-rpki-rsc-04, 31 May 2021, ietf-sidrops-rpki-rsc-05, 11 August 2021,
<https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki- <https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki-
rsc-04.txt>. rsc-05.txt>.
[I-D.ietf-sidrops-rpki-rta] [I-D.ietf-sidrops-rpki-rta]
Michaelson, G. G., Huston, G., Harrison, T., Bruijnzeels, Michaelson, G. G., Huston, G., Harrison, T., Bruijnzeels,
T., and M. Hoffmann, "A profile for Resource Tagged T., and M. Hoffmann, "A profile for Resource Tagged
Attestations (RTAs)", Work in Progress, Internet-Draft, Attestations (RTAs)", Work in Progress, Internet-Draft,
draft-ietf-sidrops-rpki-rta-00, 21 January 2021, draft-ietf-sidrops-rpki-rta-00, 21 January 2021,
<https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki- <https://www.ietf.org/archive/id/draft-ietf-sidrops-rpki-
rta-00.txt>. rta-00.txt>.
[RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI) [RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI)
 End of changes. 8 change blocks. 
9 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/