idnits 2.17.1 draft-ietf-sidr-rfc6490-bis-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 8, 2015) is 3122 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 5781 -- Obsolete informational reference (is this intentional?): RFC 6486 (Obsoleted by RFC 9286) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SIDR G. Huston 3 Internet-Draft APNIC 4 Obsoletes: 6490 (if approved) S. Weiler 5 Intended status: Standards Track Parsons 6 Expires: April 10, 2016 G. Michaelson 7 APNIC 8 S. Kent 9 BBN 10 October 8, 2015 12 Resource Public Key Infrastructure (RPKI) Trust Anchor Locator 13 draft-ietf-sidr-rfc6490-bis-05 15 Abstract 17 This document defines a Trust Anchor Locator (TAL) for the Resource 18 Public Key Infrastructure (RPKI). This document obsoletes RFC6490 by 19 adding support for multiple URIs in a TAL. 21 Status of this Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on April 10, 2016. 38 Copyright Notice 40 Copyright (c) 2015 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2. Trust Anchor Locator . . . . . . . . . . . . . . . . . . . . . 3 58 2.1. Trust Anchor Locator Format . . . . . . . . . . . . . . . . 3 59 2.2. TAL and Trust Anchor Certificate Considerations . . . . . . 4 60 2.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 6 61 3. Relying Party Use . . . . . . . . . . . . . . . . . . . . . . . 6 62 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 63 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 64 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7 65 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 66 7.1. Normative References . . . . . . . . . . . . . . . . . . . 8 67 7.2. Informative References . . . . . . . . . . . . . . . . . . 8 68 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 70 1. Introduction 72 This document defines a Trust Anchor Locator (TAL) for the Resource 73 Public Key Infrastructure (RPKI) [RFC6480]. This format may be used 74 to distribute trust anchor material using a mix of out-of-band and 75 online means. Procedures used by Relying Parties (RPs) to verify 76 RPKI signed objects SHOULD support this format to facilitate 77 interoperability between creators of trust anchor material and RPs. 78 This document obsoletes RFC 6490 by adding support for multiple URIs 79 in a TAL. 81 1.1. Terminology 83 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 84 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 85 document are to be interpreted as described in [RFC2119]. 87 2. Trust Anchor Locator 89 2.1. Trust Anchor Locator Format 91 This document does not propose a new format for trust anchor 92 material. A trust anchor in the RPKI is represented by a self-signed 93 X.509 Certification Authority (CA) certificate, a format commonly 94 used in PKIs and widely supported by RP software. This document 95 specifies a format for data used to retrieve and verify the 96 authenticity of a trust anchor in a very simple fashion. That data 97 is referred to as the TAL. 99 The motivation for defining the TAL is to enable selected data in the 100 trust anchor to change, without needing to effect redistribution of 101 the trust anchor per se. In the RPKI, certificates contain 102 extensions that represent Internet Number Resources (INRs) [RFC3779]. 103 The set of INRs associated with an entity acting as a trust anchor is 104 likely to change over time. Thus, if one were to use the common PKI 105 convention of distributing a trust anchor to RPs in a secure fashion 106 then this procedure would need to be repeated whenever the INR set 107 for the entity acting as a trust anchor changed. By distributing the 108 TAL (in a secure fashion), instead of distributing the trust anchor, 109 this problem is avoided, i.e., the TAL is constant so long as the 110 trust anchor's public key and its location do not change. 112 The TAL is analogous to the TrustAnchorInfo data structure [RFC5914] 113 adopted as a PKIX standard. That standard could be used to represent 114 the TAL, if one defined an rsync URI extension for that data 115 structure. However, the TAL format was adopted by RPKI implementors 116 prior to the PKIX trust anchor work, and the RPKI implementer 117 community has elected to utilize the TAL format, rather than define 118 the requisite extension. The community also prefers the simplicity 119 of the ASCII encoding of the TAL, versus the binary (ASN.1) encoding 120 for TrustAnchorInfo. 122 The TAL is an ordered sequence of: 124 1) a URI section, 126 2) a or line break, 128 3) a subjectPublicKeyInfo [RFC5280] in DER format [X.509], 129 encoded in Base64 (see Section 4 of [RFC4648]. To avoid long 130 lines or line breaks MAY be inserted into the 131 Base64 encoded string. 133 where the URI section is comprised of one of more of the ordered 134 sequence of: 136 1.1) an rsync URI [RFC5781], 138 1.2) a or line break. 140 2.2. TAL and Trust Anchor Certificate Considerations 142 Each rsync URI in the TAL MUST reference a single object. It MUST 143 NOT reference a directory or any other form of collection of objects. 145 The referenced object MUST be a self-signed CA certificate that 146 conforms to the RPKI certificate profile [RFC6487]. This certificate 147 is the trust anchor in certification path discovery [RFC4158] and 148 validation [RFC5280][RFC3779]. 150 The validity interval of this trust anchor SHOULD reflect the 151 anticipated period of stability of the particular set of INRs that 152 are associated with the putative trust anchor. 154 The INR extension(s) of this trust anchor MUST contain a non-empty 155 set of number resources. It MUST NOT use the "inherit" form of the 156 INR extension(s). The INR set described in this certificate is the 157 set of number resources for which the issuing entity is offering 158 itself as a putative trust anchor in the RPKI [RFC6480]. 160 The public key used to verify the trust anchor MUST be the same as 161 the subjectPublicKeyInfo in the CA certificate and in the TAL. 163 The trust anchor MUST contain a stable key. This key MUST NOT change 164 when the certificate is reissued due to changes in the INR 165 extension(s), when the certificate is renewed prior to expiration or 166 for any reason other than a key change. 168 Because the public key in the TAL and the trust anchor MUST be 169 stable, this motivates operation of that CA in an off-line mode. 170 Thus the entity that issues the trust anchor SHOULD issue a 171 subordinate CA certificate that contains the same INRs (via the use 172 of the "inherit" option in the INR extensions of the subordinate 173 certificate). This allows the entity that issues the trust anchor to 174 keep the corresponding private key of this certificate off-line, 175 while issuing all relevant child certificates under the immediate 176 subordinate CA. This measure also allows the Certificate Revocation 177 List (CRL) issued by that entity to be used to revoke the subordinate 178 CA certificate in the event of suspected key compromise of this 179 potentially more vulnerable online operational key pair. 181 The trust anchor MUST be published at a stable URI. When the trust 182 anchor is reissued for any reason, the replacement CA certificate 183 MUST be accessible using the same URI. 185 Because the trust anchor is a self-signed certificate, there is no 186 corresponding CRL that can be used to revoke it, nor is there a 187 manifest [RFC6486] that lists this certificate. 189 If an entity wishes to withdraw a self-signed CA certificate as a 190 putative trust anchor, for any reason, including key rollover, the 191 entity MUST remove the object from the location referenced in the 192 TAL. 194 Where the TAL contains two or more rsync URIs, then the same self- 195 signed CA certificate MUST be found at each referenced location. In 196 order to operational increase resilience, it is RECOMMENDED that the 197 domain name parts of each of these URIs resolve to distinct IP 198 addresses that are used by a diverse set of repository publication 199 points, and these IP addresses be included in distinct Route 200 Origination Authorizations (ROAs) objects signed by different CAs. 202 2.3. Example 204 rsync://rpki.example.org/rpki/hedgehog/root.cer 206 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovWQL2lh6knDx 207 GUG5hbtCXvvh4AOzjhDkSHlj22gn/1oiM9IeDATIwP44vhQ6L/xvuk7W6 208 Kfa5ygmqQ+xOZOwTWPcrUbqaQyPNxokuivzyvqVZVDecOEqs78q58mSp9 209 nbtxmLRW7B67SJCBSzfa5XpVyXYEgYAjkk3fpmefU+AcxtxvvHB5OVPIa 210 BfPcs80ICMgHQX+fphvute9XLxjfJKJWkhZqZ0v7pZm2uhkcPx1PMGcrG 211 ee0WSDC3fr3erLueagpiLsFjwwpX6F+Ms8vqz45H+DKmYKvPSstZjCCq9 212 aJ0qANT9OtnfSDOS+aLRPjZryCNyvvBHxZXqj5YCGKtwIDAQAB 214 3. Relying Party Use 216 In order to use the TAL to retrieve and validate a (putative) trust 217 anchor, an RP SHOULD: 219 1. Retrieve the object referenced by (one of) the URI(s) contained 220 in the TAL. 222 2. Confirm that the retrieved object is a current, self-signed RPKI 223 CA certificate that conforms to the profile as specified in 224 [RFC6487]. 226 3. Confirm that the public key in the TAL matches the public key in 227 the retrieved object. 229 4. Perform other checks, as deemed appropriate (locally), to ensure 230 that the RP is willing to accept the entity publishing this self- 231 signed CA certificate to be a trust anchor. These test apply to 232 the validity of attestations made in the context of the RPKI 233 relating to all resources described in the INR extension of this 234 certificate. 236 An RP SHOULD perform these functions for each instance of TAL that it 237 is holding for this purpose every time the RP performs a re- 238 synchronization across the local repository cache. In any case, an 239 RP also SHOULD perform these functions prior to the expiration of the 240 locally cached copy of the retrieved trust anchor referenced by the 241 TAL. 243 In the case where a TAL contains multiple URIs, an RP MAY use a 244 locally defined preference rule to select the URI to retrieve the 245 self-signed RPKI CA certificate that is to be used as a trust anchor. 246 Some examples are: 248 o Using the order provided in the TAL 249 o Selecting the URI randomly from the available list 250 o Creating a prioritized list of URIs based on RP-specific 251 parameters, such as connection establishment delay 253 If the connection to the preferred URI fails, or the retrieved CA 254 certificate public key does not match the TAL public key, the RP 255 SHOULD retrieve the CA certificate from the next URI, according to 256 the local preference ranking of URIs. 258 4. Security Considerations 260 Compromise of a trust anchor private key permits unauthorized parties 261 to masquerade as a trust anchor, with potentially severe 262 consequences. Reliance on an inappropriate or incorrect trust anchor 263 has similar potentially severe consequences. 265 This TAL does not directly provide a list of resources covered by the 266 referenced self-signed CA certificate. Instead, the RP is referred 267 to the trust anchor itself and the INR extension(s) within this 268 certificate. This provides necessary operational flexibility, but it 269 also allows the certificate issuer to claim to be authoritative for 270 any resource. Relying parties should either have great confidence in 271 the issuers of such certificates that they are configuring as trust 272 anchors, or they should issue their own self-signed certificate as a 273 trust anchor and, in doing so, impose constraints on the subordinate 274 certificates. 276 5. IANA Considerations 278 [This document specifies no IANA actions.] 280 6. Acknowledgments 282 This approach to trust anchor material was originally described by 283 Robert Kisteleki. 285 The authors acknowledge the contributions of Rob Austein and Randy 286 Bush, who assisted with drafting this document and with helpful 287 review comments. 289 The authors acknowledge with work of Roque Gagliano, Terry Manderson 290 and Carlos Martinez Cagnazzo in developing the ideas behind the 291 inclusion of multiple URIs in the TAL. 293 7. References 295 7.1. Normative References 297 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 298 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 299 RFC2119, March 1997, 300 . 302 [RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP 303 Addresses and AS Identifiers", RFC 3779, DOI 10.17487/ 304 RFC3779, June 2004, 305 . 307 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 308 Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, 309 . 311 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 312 Housley, R., and W. Polk, "Internet X.509 Public Key 313 Infrastructure Certificate and Certificate Revocation List 314 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 315 . 317 [RFC5781] Weiler, S., Ward, D., and R. Housley, "The rsync URI 318 Scheme", RFC 5781, DOI 10.17487/RFC5781, February 2010, 319 . 321 [RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for 322 X.509 PKIX Resource Certificates", RFC 6487, DOI 10.17487/ 323 RFC6487, February 2012, 324 . 326 [X.509] ITU-T, "Recommendation X.509: The Directory - 327 Authentication Framework", 2000. 329 7.2. Informative References 331 [RFC4158] Cooper, M., Dzambasow, Y., Hesse, P., Joseph, S., and R. 332 Nicholas, "Internet X.509 Public Key Infrastructure: 333 Certification Path Building", RFC 4158, DOI 10.17487/ 334 RFC4158, September 2005, 335 . 337 [RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor 338 Format", RFC 5914, DOI 10.17487/RFC5914, June 2010, 339 . 341 [RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support 342 Secure Internet Routing", RFC 6480, DOI 10.17487/RFC6480, 343 February 2012, . 345 [RFC6486] Austein, R., Huston, G., Kent, S., and M. Lepinski, 346 "Manifests for the Resource Public Key Infrastructure 347 (RPKI)", RFC 6486, DOI 10.17487/RFC6486, February 2012, 348 . 350 Authors' Addresses 352 Geoff Huston 353 APNIC 355 Email: gih@apnic.net 356 URI: http://www.apnic.net 358 Samuel Weiler 359 Parsons 360 7110 Samuel Morse Drive 361 Columbia, Maryland 21046 362 USA 364 Email: weiler@tislabs.com 366 George Michaelson 367 APNIC 369 Email: ggm@apnic.net 370 URI: http://www.apnic.net 372 Stephen Kent 373 BBN Technologies 374 10 Moulton St. 375 Cambridge, MA 02138 376 USA 378 Email: kent@bbn.com