Secure Inter-Domain Routing Working Group                     M. Reynolds
Internet-Draft                                                       IPSw
Updates: [ID.sidr-res-cert-profile]                             S. Turner
Intended Status: Standards Track                                     IECA
Expires: June 7, 2012                                             S. Kent
                                                                      BBN
                                                         December 5, 2011


              A Profile for BGPSEC Router Certificates,
        Certificate Revocation Lists, and Certification Requests
                draft-ietf-sidr-bgpsec-pki-profiles-01

Abstract

   This document defines a standard profile for X.509 certificates for
   the purposes of supporting validation of Autonomous System (AS) paths
   in the Border Gateway Protocol (BGP), as part of an extension to that
   protocol known as BGPSEC.  BGP is a critical component for the proper
   operation of the Internet as a whole.  The BGPSEC protocol is under
   development as a component to address the requirement to provide
   security for the BGP protocol.  The goal of BGPSEC is to design a
   protocol for full AS path validation based on the use of strong
   cryptographic primitives.  The end-entity (EE) certificates specified
   by this profile are issued under Resource Public Key Infrastructure
   (RPKI) Certification Authority (CA) certificates, containing the AS
   Identifier Delegation extension, to routers within the Autonomous
   System (AS).  The certificate asserts that the router(s) holding the
   private key are authorized to send out secure route advertisements on
   behalf of the specified AS.  This document also profiles the
   Certificate Revocation List (CRL), profiles the format of
   certification requests, and specifies Relying Party certificate path
   validation procedures.  The document extends the RPKI; therefore,
   this document updates the RPKI Resource Certificates Profile
   [ID.sidr-res-cert-profile].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.
   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 7, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   This document defines a profile for X.509 end-entity (EE)
   certificates [RFC5280] for use in the context of certification of
   Autonomous System (AS) paths in the Border Gateway Protocol Security
   (BGPSEC) protocol.  Such certificates are termed "BGPSEC Router
   Certificates".  The holder of the private key associated with a
   BGPSEC Router Certificate is authorized to send secure route
   advertisements (BGPSEC UPDATEs) on behalf of the AS named in the
   certificate.  That is, a router holding the private key may send to
   its BGP peers route advertisements that contain the specified AS
   number as the last item in the AS PATH attribute.  A key property
   that BGPSEC will provide is that every AS along the AS PATH can
   verify that the other ASes along the path have authorized the
   advertisement of the given route (to the next AS along the AS PATH).
   This document is a profile of [ID.sidr-res-cert-profile], which is a
   profile of [RFC5280], and it updates [ID.sidr-res-cert-profile].  It
   establishes requirements imposed on a Resource Certificate that is
   used as a BGPSEC Router Certificate, i.e., it defines constraints for
   certificate fields and extensions for the certificate to be valid in
   this context.  This document also profiles the Certificate Revocation
   List (CRL) and certification requests.  Finally, this document
   specifies the Relying Party (RP) certificate path validation
   procedures.

1.1.  Terminology

   It is assumed that the reader is familiar with the terms and concepts
   described in "A Profile for X.509 PKIX Resource Certificates"
   [ID.sidr-res-cert-profile], "BGPSEC Protocol Specification"
   [ID.sidr-bgpsec-protocol], "A Border Gateway Protocol 4 (BGP-4)"
   [RFC4271], "BGP Security Vulnerabilities Analysis" [RFC4272],
   "Considerations in Validating the Path in BGP" [RFC5123], and
   "Capability Advertisement with BGP-4" [RFC5492].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

2.  Describing Resources in Certificates

   Figure 1 depicts some of the entities in the RPKI and some of the
   products generated by RPKI entities.  IANA issues a Certification
   Authority (CA) certificate to a Regional Internet Registry (RIR).
   The RIR, in turn, issues a CA certificate to an Internet Service
   Provider (ISP).  The ISP in turn issues End-Entity (EE) certificates
   to itself, as well as CRLs.  These certificates are referred to as
   "Resource Certificates" and are profiled in
   [ID.sidr-res-cert-profile].  [ID.sidr-arch] envisions using Resource
   Certificates to generate Manifests [ID.sidr-rpki-manifests] and Route
   Origin Authorizations (ROAs) [ID.sidr-rpki-roa-format].
   ROAs and Manifests also include the Resource Certificates used to
   sign them.

                         +---------+   +------+
                         | CA Cert |---| IANA |
                         +---------+   +------+
                              \
                         +---------+   +-----+
                         | CA Cert |---| RIR |
                         +---------+   +-----+
                              \
                         +---------+   +-----+
                         | CA Cert |---| ISP |
                         +---------+   +-----+
                            /  | | |
            +-----+        /   | | |     +-----+
            | CRL |-------+    | | +-----| ROA |
            +-----+            | |       +-----+
                               | |   +----------+
                      +----+   | +---| Manifest |
                    +-| EE |---+     +----------+
                    | +----+
                    +-----+

                               Figure 1

   This document defines another type of Resource Certificate, which is
   referred to as a "BGPSEC Router Certificate".  The purpose of this
   certificate is explained in Section 1 and falls within the scope of
   appropriate uses defined within [ID.sidr-cp].  The issuance of BGPSEC
   Router Certificates has minimal impact on RPKI CAs because the RPKI
   CA certificate and CRL profile remain unchanged (i.e., they are as
   specified in [ID.sidr-res-cert-profile]).  Further, the algorithms
   used to generate RPKI CA certificates that issue the BGPSEC Router
   Certificates and the CRLs necessary to check the validity of the
   BGPSEC Router Certificates remain unchanged (i.e., they are as
   specified in [ID.sidr-rpki-algs]).  The only impact is that the RPKI
   CAs will need to be able to process a profiled certificate request
   (see Section 3.2) signed with the algorithms found in
   [ID.sidr-bgpsec-algs].  The use of BGPSEC Router Certificates in no
   way affects RPKI RPs that process Manifests and ROAs, because the
   public key found in a BGPSEC Router Certificate is only ever used to
   verify the signature on the BGPSEC certificate request (only CAs
   process these), another BGPSEC Router Certificate (only BGPSEC
   routers process these), and the signature on a BGPSEC Update Message
   [ID.sidr-bgpsec-protocol] (only BGPSEC routers process these).
   Only the differences between this profile and the profile in
   [ID.sidr-res-cert-profile] are listed.  Note that BGPSEC Router
   Certificates are EE certificates and as such there is no impact on
   the process described in [ID.sidr-algorithm-agility].

3.  Updates to [ID.sidr-res-cert-profile]

3.1.  BGPSEC Router Certificate Fields

   A BGPSEC Router Certificate is a valid X.509 public key certificate,
   consistent with the PKIX profile [RFC5280], containing the fields
   listed in this section.  This profile is also based on
   [ID.sidr-res-cert-profile], and only the differences between this
   profile and the profile in [ID.sidr-res-cert-profile] are listed.

3.1.1.1.  Subject

   This field identifies the router to which the certificate has been
   issued.  Consistent with [ID.sidr-res-cert-profile], only two
   attributes are allowed in the Subject field: common name and serial
   number.  Moreover, the only common name encoding options that are
   supported are printableString and UTF8String.  For BGPSEC Router
   Certificates, it is RECOMMENDED that the common name attribute
   contain the literal string "ROUTER-" followed by the 32-bit AS Number
   [RFC3779] encoded as eight hexadecimal digits, and that the serial
   number attribute contain the 32-bit BGP Identifier [RFC4271] (i.e.,
   the router ID) encoded as eight hexadecimal digits.  If the same
   certificate is issued to more than one router (hence the private key
   is shared among these routers), the choice of the router ID used in
   this name is at the discretion of the Issuer.  Note that router IDs
   are not guaranteed to be unique across the Internet, and thus the
   Subject name in a BGPSEC Router Certificate issued using this
   convention also is not guaranteed to be unique across different
   issuers.  However, each certificate issued by an individual CA MUST
   contain a Subject name that is unique within that context.

3.1.2.  Subject Public Key Info

   Refer to section 3.1 of [ID.sidr-bgpsec-algs].

3.1.3.  BGPSEC Router Certificate Version 3 Extension Fields

   The following X.509 V3 extensions MUST be present (or MUST be absent,
   if so stated) in a conforming BGPSEC Router Certificate, except where
   explicitly noted otherwise.  No other extensions are allowed in a
   conforming BGPSEC Router Certificate.

3.1.3.1.  Extended Key Usage

   BGPSEC Router Certificates MUST include the Extended Key Usage (EKU)
   extension.  As specified in [ID.sidr-res-cert-profile], this
   extension MUST be marked as non-critical.  This document defines one
   EKU for BGPSEC Router Certificates:

      id-kp OBJECT IDENTIFIER ::=
         { iso(1) identified-organization(3) dod(6) internet(1)
           security(5) mechanisms(5) pkix(7) kp(3) }

      id-kp-bgpsec-router OBJECT IDENTIFIER ::= { id-kp TBD }

   Relying Parties MUST require the extended key usage extension to be
   present in a BGPSEC Router Certificate.  If multiple KeyPurposeId
   values are included, the relying parties need not recognize all of
   them, as long as the required KeyPurposeId value is present.  BGPSEC
   RPs MUST reject certificates that do not contain the BGPSEC Router
   EKU even if they include the anyExtendedKeyUsage OID defined in
   [RFC5280].

3.1.3.2.  Subject Information Access

   This extension is not used in BGPSEC Router Certificates.  It MUST be
   omitted.

3.1.3.3.  IP Resources

   This extension is not used in BGPSEC Router Certificates.  It MUST be
   omitted.

3.1.3.4.  AS Resources

   Each BGPSEC Router Certificate MUST include the AS Resource
   Identifier Delegation extension, as specified in section 4.8.11 of
   [ID.sidr-res-cert-profile].  The AS Resource Identifier Delegation
   extension MUST include exactly one AS number, and the "inherit"
   element MUST NOT be specified.

3.2.  BGPSEC Router Certificate Request Profile

   Refer to section 6 of [ID.sidr-res-cert-profile].
   The only differences between this profile and the profile in
   [ID.sidr-res-cert-profile] are:

   o  The ExtendedKeyUsage extension request MUST be included and the CA
      MUST honor the request;

   o  The SubjectPublicKeyInfo and PublicKey fields are specified in
      [ID.sidr-bgpsec-algs]; and,

   o  The request is signed with the algorithms specified in
      [ID.sidr-bgpsec-algs].

3.3.  BGPSEC Router Certificate Validation

   The validation procedure used for BGPSEC Router Certificates is
   identical to the validation procedure described in Section 7 of
   [ID.sidr-res-cert-profile], except that where that procedure says
   "this specification" (meaning [ID.sidr-res-cert-profile]), "this
   specification" is to be read as this document.

   The differences are as follows:

   o  BGPSEC Router Certificates MUST include the BGPSEC EKU defined in
      Section 3.1.3.1.

   o  BGPSEC Router Certificates MUST NOT include the SIA extension.

   o  BGPSEC Router Certificates MUST NOT include the IP Resource
      extension.

   o  BGPSEC Router Certificates MUST include the AS Resource Identifier
      Delegation extension.

   o  BGPSEC Router Certificates MUST include the "Subject Public Key
      Info" described in [ID.sidr-bgpsec-algs] as it updates
      [ID.sidr-rpki-algs].

   NOTE: The cryptographic algorithms used by BGPSEC routers are found
   in [ID.sidr-bgpsec-algs].  Currently, the algorithms specified in
   [ID.sidr-bgpsec-algs] and [ID.sidr-rpki-algs] are different.  BGPSEC
   RPs will therefore need to support the algorithms needed to validate
   BGPSEC signatures as well as the algorithms needed to validate the
   signatures on BGPSEC Router Certificates, RPKI CA certificates, and
   RPKI CRLs.

4.  Design Notes

   The BGPSEC Router Certificate profile is based on the Resource
   Certificate profile as specified in [ID.sidr-res-cert-profile].
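   The field-level rules of Sections 3.1.1.1, 3.1.3 and 3.3, together
   with the "identify the EKU first" advice of Section 5, expressed as
   relying-party code.  This is an added example; it is not code from
   this draft or from any BGPSEC implementation.  It operates on a
   certificate already decoded into a plain dict (the sample
   certificates below are constructed for the example) rather than on
   DER, so the Subject, EKU and RFC 3779 checks can be read on their
   own; signature and path validation per Section 7 of
   [ID.sidr-res-cert-profile] are not attempted.  Because this draft
   leaves the last arc of id-kp-bgpsec-router as TBD, the OID constant
   is a placeholder and must be replaced by the assigned value.

```python
"""Relying-party checks for the BGPSEC Router Certificate profile.

Added example, not code from the draft.  A certificate is modelled as a
dict holding the already-decoded fields the profile constrains:

    {"subject":    [(attribute_oid, encoding, value), ...],
     "extensions": {extension_oid: decoded_value, ...}}

autonomousSysIds is decoded as the string "inherit" or as a list whose
entries are an int (a single AS number) or a (low, high) tuple (a range).
"""

# OIDs.  id-kp and the RFC 5280 / RFC 3779 values are real; the last arc
# of id-kp-bgpsec-router is "TBD" in the draft, so it is a placeholder.
ID_KP = "1.3.6.1.5.5.7.3"
ID_KP_BGPSEC_ROUTER = ID_KP + ".TBD"        # placeholder (draft s3.1.3.1)
ANY_EXTENDED_KEY_USAGE = "2.5.29.37.0"      # RFC 5280 anyExtendedKeyUsage
EXT_KEY_USAGE = "2.5.29.37"                 # RFC 5280 extKeyUsage
SUBJECT_INFO_ACCESS = "1.3.6.1.5.5.7.1.11"  # RFC 5280 id-pe-subjectInfoAccess
IP_ADDR_BLOCKS = "1.3.6.1.5.5.7.1.7"        # RFC 3779 id-pe-ipAddrBlocks
AUTONOMOUS_SYS_IDS = "1.3.6.1.5.5.7.1.8"    # RFC 3779 id-pe-autonomousSysIds
COMMON_NAME = "2.5.4.3"
SERIAL_NUMBER = "2.5.4.5"
ALLOWED_CN_ENCODINGS = {"printableString", "UTF8String"}
HEX_DIGITS = set("0123456789abcdefABCDEF")


def router_id_to_int(router_id):
    """Accept a BGP Identifier as an int or as the usual dotted-quad text."""
    if isinstance(router_id, int):
        value = router_id
    else:
        octets = [int(o) for o in router_id.split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError("router ID is not a dotted quad")
        value = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("router ID does not fit in 32 bits")
    return value


def router_subject(asn, router_id):
    """RECOMMENDED Subject (s3.1.1.1): CN = "ROUTER-" + the 32-bit AS number
    as eight hex digits, serialNumber = the BGP Identifier as eight hex digits."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError("AS number does not fit in 32 bits")
    return [(COMMON_NAME, "printableString", "ROUTER-%08X" % asn),
            (SERIAL_NUMBER, "printableString", "%08X" % router_id_to_int(router_id))]


def parse_router_cn(cn):
    """AS number from a 'ROUTER-xxxxxxxx' CN, or None if the CN does not follow
    the convention (it is only RECOMMENDED, so None is not a violation)."""
    if len(cn) != 15 or not cn.startswith("ROUTER-"):
        return None
    digits = cn[7:]
    return int(digits, 16) if all(c in HEX_DIGITS for c in digits) else None


def is_bgpsec_router_cert(cert):
    """Section 5: key the validation procedure off the EKU.  Other
    KeyPurposeIds may be present, but anyExtendedKeyUsage alone does not do."""
    return ID_KP_BGPSEC_ROUTER in cert["extensions"].get(EXT_KEY_USAGE, [])


def check_bgpsec_router_cert(cert):
    """Apply the MUSTs of s3.1.1.1, s3.1.3 and s3.3 to a decoded certificate.
    Returns the list of violations; an empty list means the fields conform."""
    problems = []
    ext = cert["extensions"]
    # Subject: only commonName and serialNumber; CN as printableString/UTF8String.
    for attr_type, encoding, _ in cert["subject"]:
        if attr_type not in (COMMON_NAME, SERIAL_NUMBER):
            problems.append("subject attribute %s not allowed" % attr_type)
        elif attr_type == COMMON_NAME and encoding not in ALLOWED_CN_ENCODINGS:
            problems.append("commonName encoded as %s" % encoding)
    # EKU: MUST be present and MUST contain id-kp-bgpsec-router.
    if not is_bgpsec_router_cert(cert):
        problems.append("extendedKeyUsage missing id-kp-bgpsec-router")
    # SIA and IP Resources MUST be omitted.
    for oid, name in ((SUBJECT_INFO_ACCESS, "subjectInfoAccess"),
                      (IP_ADDR_BLOCKS, "ipAddrBlocks")):
        if oid in ext:
            problems.append("%s must be omitted" % name)
    # AS Resources: MUST be present, exactly one AS number, no "inherit".
    as_res = ext.get(AUTONOMOUS_SYS_IDS)
    if as_res is None:
        problems.append("autonomousSysIds missing")
    elif as_res == "inherit":
        problems.append("autonomousSysIds uses inherit")
    elif len(as_res) != 1 or not isinstance(as_res[0], int):
        problems.append("autonomousSysIds must list exactly one AS number")
    return problems


# Constructed sample: documentation AS 64496, router ID 192.0.2.1.
GOOD_CERT = {
    "subject": router_subject(64496, "192.0.2.1"),
    "extensions": {EXT_KEY_USAGE: [ID_KP_BGPSEC_ROUTER],
                   AUTONOMOUS_SYS_IDS: [64496]},
}

# Constructed counter-example with the mistakes the profile calls out: an
# extra subject attribute, anyExtendedKeyUsage in place of the BGPSEC EKU,
# an IP Resources extension, and "inherit" in AS Resources.
BAD_CERT = {
    "subject": GOOD_CERT["subject"] + [("2.5.4.10", "UTF8String", "Example ISP")],
    "extensions": {EXT_KEY_USAGE: [ANY_EXTENDED_KEY_USAGE],
                   IP_ADDR_BLOCKS: ["192.0.2.0/24"],
                   AUTONOMOUS_SYS_IDS: "inherit"},
}

if __name__ == "__main__":
    print("subject:", GOOD_CERT["subject"])
    print("good:", check_bgpsec_router_cert(GOOD_CERT))
    print("bad: ", check_bgpsec_router_cert(BAD_CERT))
```

   A real RP would run is_bgpsec_router_cert() on every EE certificate
   it encounters and dispatch to this checker (and the BGPSEC algorithm
   suite) only when it returns true, since, as Section 5 notes, a BGPSEC
   Router Certificate will not pass the ordinary RPKI validation.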
   As a result, many of the design choices herein reflect the design
   choices that were taken in that prior work.  The reader is referred
   to [ID.sidr-res-cert-profile] for a fuller discussion of those
   choices.

5.  Security Considerations

   The Security Considerations of [ID.sidr-res-cert-profile] apply.

   A BGPSEC Router Certificate will fail RPKI validation as defined in
   [ID.sidr-res-cert-profile], because its algorithm suite
   ([ID.sidr-bgpsec-algs]) differs from the RPKI suite
   ([ID.sidr-rpki-algs]).  Consequently, an RP needs to identify the
   EKU before selecting the corresponding validation procedure.

   A BGPSEC Router Certificate is an extension of the RPKI [ID.sidr-arch]
   to encompass routers.  It is a building block of the larger BGPSEC
   security protocol, used to validate the signatures in the Signature
   Segments of a BGPSEC Signed Path [ID.sidr-bgpsec-protocol].  Thus its
   essential security function is the secure binding of an AS number to
   a public key, consistent with the RPKI allocation/assignment
   hierarchy.

6.  IANA Considerations

   None.

7.  Acknowledgements

   We would like to thank Geoff Huston, George Michaelson, and Robert
   Loomans for their work on [ID.sidr-res-cert-profile], which this work
   is based on.  In addition, the efforts of Steve Kent and Matt
   Lepinski were instrumental in preparing this work.  Additionally,
   we'd like to thank Roque Gagliano, Sandra Murphy, and Geoff Huston
   for their reviews and comments.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3779]  Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP
              Addresses and AS Identifiers", RFC 3779, June 2004.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border
              Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [ID.sidr-res-cert-profile]
              Huston, G., Michaelson, G., and R. Loomans, "A Profile for
              X.509 PKIX Resource Certificates", draft-ietf-sidr-res-
              certs, work-in-progress.

   [ID.sidr-rpki-algs]
              Huston, G., "The Profile for Algorithms and Key Sizes for
              use in the Resource Public Key Infrastructure", draft-ietf-
              sidr-rpki-algs, work-in-progress.

   [ID.sidr-bgpsec-algs]
              Reynolds, M. and S. Turner, "BGP Algorithms, Key Formats, &
              Signature Formats", draft-ietf-sidr-bgpsec-algs,
              work-in-progress.

8.2.  Informative References

   [RFC4272]  Murphy, S., "BGP Security Vulnerabilities Analysis",
              RFC 4272, January 2006.

   [RFC5123]  White, R. and B. Akyol, "Considerations in Validating the
              Path in BGP", RFC 5123, February 2008.

   [RFC5492]  Scudder, J. and R. Chandra, "Capabilities Advertisement
              with BGP-4", RFC 5492, February 2009.

   [ID.sidr-cp]
              Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate
              Policy (CP) for the Resource PKI (RPKI)", draft-ietf-sidr-
              cp, work-in-progress.

   [ID.sidr-arch]
              Lepinski, M. and S. Kent, "An Infrastructure to Support
              Secure Internet Routing", draft-ietf-sidr-arch,
              work-in-progress.

   [ID.sidr-rpki-roa-format]
              Lepinski, M., Kent, S., and D. Kong, "A Profile for Route
              Origin Authorizations (ROAs)", draft-ietf-sidr-roa-format,
              work-in-progress.

   [ID.sidr-rpki-manifests]
              Austein, R., Huston, G., Kent, S., and M. Lepinski,
              "Manifests for the Resource Public Key Infrastructure",
              draft-ietf-sidr-rpki-manifests, work-in-progress.

   [ID.sidr-algorithm-agility]
              Gagliano, R., Kent, S., and S. Turner, "Algorithm Agility
              Procedure for RPKI", draft-ietf-sidr-algorithm-agility,
              work-in-progress.
   [ID.sidr-bgpsec-protocol]
              Lepinski, M., "BGPSEC Protocol Specification", draft-ietf-
              sidr-bgpsec-protocol, work-in-progress.

Appendix A.  ASN.1 Module

   The id-kp arc below includes pkix(7), matching the definition in
   Section 3.1.3.1.

   BGPSECEKU { iso(1) identified-organization(3) dod(6) internet(1)
               security(5) mechanisms(5) pkix(7) id-mod(0) TBD }

   DEFINITIONS EXPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL --

   -- IMPORTS NOTHING --

   -- OID Arc --

   id-kp OBJECT IDENTIFIER ::= {
      iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) kp(3) }

   -- BGPSEC Router Extended Key Usage --

   id-kp-bgpsec-router OBJECT IDENTIFIER ::= { id-kp TBD }

   END

Appendix B.  Example BGPSEC Router Certificate

Appendix C.  Example BGPSEC Router Certificate Request

Appendix D.  Change Log

   Please delete this section prior to publication.

D.1.  Changes from sidr-bgpsec-pki-profiles-00 to -01

   Added an ASN.1 Module and corrected the id-kp OID in s3.1.3.1.

D.2.  Changes from turner-bgpsec-pki-profiles-02 to sidr-bgpsec-pki-
      profiles-00

   Added this change log.

   Amplified that a BGPSEC RP will need to support both the algorithms
   in [ID.sidr-bgpsec-algs] for BGPSEC and the algorithms in
   [ID.sidr-rpki-algs] for certificates and CRLs.

   Changed the name of the AS Resource extension to AS Resource
   Identifier Delegation to match what's in RFC 3779.

D.3.  Changes from turner-bgpsec-pki-profiles -01 to -02

   Added text in Section 2 to indicate that there's no impact on the
   procedures defined in [ID.sidr-algorithm-agility].

   Added a security consideration to let implementers know that BGPSEC
   certificates will not pass RPKI validation [ID.sidr-res-cert-profile]
   and that keying off the EKU will help tremendously.

D.4.  Changes from turner-bgpsec-pki-profiles -00 to -01

   Corrected Section 2 to indicate that CA certificates are also RPKI
   certificates.
   Removed sections and text that were already in
   [ID.sidr-res-cert-profile].  This will make it easier for reviewers
   to figure out what is different.

   Modified Section 6 to use 2119-language.

   Removed the requirement from Section 6 to check that the AS number in
   the certificate is the last number in the AS path information of each
   BGP UPDATE message.  Moved to [ID.sidr-bgpsec-protocol].

Authors' Addresses

   Mark Reynolds
   Island Peak Software
   328 Virginia Road
   Concord, MA 01742

   Email: mcr@islandpeaksoftware.com


   Sean Turner
   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, VA 22031
   USA

   EMail: turners@ieca.com


   Steve Kent
   Raytheon BBN Technologies
   10 Moulton St.
   Cambridge, MA 02138

   Email: kent@bbn.com