idnits 2.17.1

draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 19, 2018) is 2045 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 2986

  ** Downref: Normative reference to an Informational RFC: RFC 6090

  ** Obsolete normative reference: RFC 8208 (Obsoleted by RFC 8608)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'DSS'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SHS'

     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force (IETF)                         S. Turner
Internet-Draft                                                     sn3rd
Updates: 8208 (if approved)                                  O. Borchert
Intended status: Standards Track                                    NIST
Expires: March 23, 2019                               September 19, 2018

         BGPsec Algorithms, Key Formats, and Signature Formats
             draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-03

Abstract

   This document specifies the algorithms, algorithm parameters,
   asymmetric key formats, asymmetric key sizes, and signature formats
   used in BGPsec (Border Gateway Protocol Security).  This document
   updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature
   Formats") by adding Special-Use Algorithm IDs and correcting the
   range of unassigned algorithm IDs to fill the complete range.

   This document also includes example BGPsec UPDATE messages as well as
   the private keys used to generate the messages and the certificates
   necessary to validate those signatures.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 2, 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Changes from RFC 8208
   2.  Algorithms
     2.1.  Algorithm ID Types
     2.2.  Signature Algorithms
       2.2.1.  Algorithm ID 0x01 - (ECDSA-P256)
   3.  Asymmetric Key Pair Formats
     3.1.  Asymmetric Key Pair for Algorithm ID 0x01 - (ECDSA-P256)
       3.1.1.  Public Key Format
       3.1.2.  Private Key Format
   4.  Signature Formats
   5.  Additional Requirements
   6.  Security Considerations
   7.  IANA Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Examples
     A.1.  Topology and Experiment Description
     A.2.  Keys
     A.3.  BGPsec IPv4
     A.4.  BGPsec IPv6
   Acknowledgements
   Authors' Addresses

1.  Introduction

   This document specifies the following:

   o  the digital signature algorithm and parameters,

   o  the hash algorithm and parameters,

   o  the algorithm identifier assignment and classification,

   o  the public and private key formats, and

   o  the signature formats

   used by Resource Public Key Infrastructure (RPKI) Certification
   Authorities (CAs) and BGPsec (Border Gateway Protocol Security)
   speakers (i.e., routers).  CAs use these algorithms when processing
   requests for BGPsec Router Certificates [RFC8209].  Examples of when
   BGPsec routers use these algorithms include requesting BGPsec
   certificates [RFC8209], signing BGPsec UPDATE messages [RFC8205], and
   verifying signatures on BGPsec UPDATE messages [RFC8205].

   This document updates [RFC7935] to add support for a) a different
   algorithm for BGPsec certificate requests, which are issued only by
   BGPsec speakers; b) a different Subject Public Key Info format for
   BGPsec certificates, which is needed for the specified BGPsec
   signature algorithm; and c) different signature formats for BGPsec
   signatures, which are needed for the specified BGPsec signature
   algorithm.  The BGPsec certificates are differentiated from other
   RPKI certificates by the use of the BGPsec Extended Key Usage as
   defined in [RFC8209].  BGPsec uses a different algorithm [RFC6090]
   [DSS] than the rest of the RPKI; this algorithm provides similar
   security with smaller keys, which makes the certificates smaller, and
   it also results in smaller signatures, which makes the PDUs smaller.

   Appendix A contains example BGPsec UPDATE messages as well as the
   private keys used to generate the messages and the certificates
   necessary to validate the signatures.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Changes from RFC 8208

   This section describes the significant changes between [RFC8208] and
   this document.

   o  Added Section 2.1 on algorithm ID types, which also describes how
      these IDs are interpreted.

   o  Restructured Sections 2 and 3 to align with the corresponding
      algorithm suite identifier value.

   o  Corrected the range of unassigned algorithm suite identifier
      values.

   o  Added Special-Use algorithm suite identifier values.

2.  Algorithms

   The algorithms used to compute signatures on CA certificates,
   BGPsec Router Certificates, and Certificate Revocation Lists
   (CRLs) are as specified in Section 2 of [RFC7935].  This section
   addresses BGPsec algorithms; for example, these algorithms are
   used by BGPsec routers to sign and verify BGPsec UPDATE messages.
   To identify which algorithm is used, the BGPsec UPDATE message
   contains the corresponding algorithm ID in each Signature_Block of
   the BGPsec UPDATE message.

2.1.  Algorithm ID Types

   Algorithms in BGPsec UPDATE messages are identified by the
   Algorithm Suite Identifier field (Algorithm ID) within the
   Signature_Block (see Section 3.2 of [RFC8205]).

   This document specifies four types of algorithm IDs:

   o  Reserved Algorithm ID

      Reserved algorithm IDs are the values 0x00 and 0xFF.  These IDs
      MUST NOT be used in a Signature_Block and if encountered, the
      router MUST treat BGPsec UPDATE messages as Malformed [RFC4271].

   o  Signature Algorithm ID

      Signature algorithms are defined in Section 2.2 of this document.
      Processing of BGPsec UPDATE signing and validation using signature
      algorithms is described at length in Section 4.2 and Section 5.2
      of [RFC8205].

   o  Unassigned Algorithm ID

      This type of algorithm ID is free for future assignments and MUST
      NOT be used until an algorithm is officially assigned (see
      Section 7).  In case a router encounters an unassigned algorithm
      ID in one of the Signature_Blocks of a BGPsec UPDATE message, the
      router SHOULD process the Signature_Block as
      "unsupported algorithm" as specified in Section 5.2 of [RFC8205].

   o  Special-Use Algorithm ID

      Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254).  To
      allow documentation and experimentation to accurately describe
      deployment examples, the use of publicly assigned algorithm IDs is
      inappropriate, and a reserved block of Special-Use algorithm IDs
      is required.  This ensures that documentation and experimentation
      do not clash with assigned algorithm IDs in deployed networks,
      and mitigates the risks to operational integrity of the network
      through inappropriate use of documentation to perform literal
      configuration of routing elements on production systems.  A router
      that encounters an algorithm ID of this type outside of an
      experimental network SHOULD treat it the same as
      "unsupported algorithm" as specified in Section 5.2 of [RFC8205].

2.2.  Signature Algorithms

2.2.1.  Algorithm ID 0x01 - (ECDSA-P256)

   o  The signature algorithm used MUST be the Elliptic Curve Digital
      Signature Algorithm (ECDSA) with curve P-256 [RFC6090] [DSS].

   o  The hash algorithm used MUST be SHA-256 [SHS].

   Hash algorithms are not identified by themselves in certificates or
   BGPsec UPDATE messages.  They are represented by an OID that combines
   the hash algorithm with the digital signature algorithm as follows:

   o  The ecdsa-with-SHA256 OID [RFC5480] MUST appear in the Public-Key
      Cryptography Standards #10 (PKCS #10) signatureAlgorithm field
      [RFC2986] or in the Certificate Request Message Format (CRMF)
      POPOSigningKey algorithm field [RFC4211]; where the OID is placed
      depends on the certificate request format generated.

   o  In BGPsec UPDATE messages, the ECDSA with SHA-256 algorithm suite
      identifier value 0x01 (see Section 7) is included in the
      Signature_Block List's Algorithm Suite Identifier field.

3.  Asymmetric Key Pair Formats

   The key formats used to compute signatures on CA certificates, BGPsec
   Router Certificates, and CRLs are as specified in Section 3 of
   [RFC7935].  This section addresses key formats found in the BGPsec
   Router Certificate requests and in BGPsec Router Certificates.

3.1.  Asymmetric Key Pair for Algorithm ID 0x01 - (ECDSA-P256)

   The ECDSA private keys used to compute signatures for certificate
   requests and BGPsec UPDATE messages MUST be associated with the P-256
   curve domain parameters [RFC5480].  The public key pair MUST use the
   uncompressed form.

3.1.1.  Public Key Format

   The Subject's public key is included in subjectPublicKeyInfo
   [RFC5280].  It has two sub-fields: algorithm and subjectPublicKey.
   The values for the structures and their sub-structures follow:

   o  algorithm (an AlgorithmIdentifier type): The id-ecPublicKey OID
      MUST be used in the algorithm field, as specified in Section 2.1.1
      of [RFC5480].  The value for the associated parameters MUST be
      secp256r1, as specified in Section 2.1.1.1 of [RFC5480].

   o  subjectPublicKey: ECPoint MUST be used to encode the certificate's
      subjectPublicKey field, as specified in Section 2.2 of [RFC5480].

3.1.2.  Private Key Format

   Local policy determines private key format.

4.  Signature Formats

   The structure for the certificate's and CRL's signature field MUST be
   as specified in Section 4 of [RFC7935]; this is the same format used
   by other RPKI certificates.  The structure for the certification
   request's and BGPsec UPDATE message's signature field MUST be as
   specified in Section 2.2.3 of [RFC3279].

5.  Additional Requirements

   It is anticipated that BGPsec will require the adoption of updated
   key sizes and a different set of signature and hash algorithms over
   time, in order to maintain an acceptable level of cryptographic
   security.  This profile should be updated to specify such future
   requirements, when appropriate.

   The recommended procedures to implement such a transition of key
   sizes and algorithms are specified in [RFC6916].

6.  Security Considerations

   The security considerations of [RFC3279], [RFC5480], [RFC6090],
   [RFC7935], and [RFC8209] apply to certificates.  The security
   considerations of [RFC3279], [RFC6090], [RFC7935], and [RFC8209]
   apply to certification requests.  The security considerations of
   [RFC3279], [RFC6090], and [RFC8205] apply to BGPsec UPDATE messages.
   No new security considerations are introduced as a result of this
   specification.

7.  IANA Considerations

   The Internet Assigned Numbers Authority (IANA) has created the
   "BGPsec Algorithm Suite Registry" in the Resource Public Key
   Infrastructure (RPKI) group.  The one-octet "BGPsec Algorithm Suite
   Registry" identifiers assigned by IANA identify the digest algorithm
   and signature algorithm used in the BGPsec Signature_Block List's
   Algorithm Suite Identifier field.

   IANA has registered a single algorithm suite identifier for the
   digest algorithm SHA-256 [SHS] and for the signature algorithm ECDSA
   on the P-256 curve [RFC6090] [DSS].

   IANA is asked to modify the previously registered "Unassigned"
   address space.

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0x2-0xEF   | Unassigned    | Unassigned   |                       |
   +------------+---------------+--------------+-----------------------+

   To be modified to:

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0x2-0xFA   | Unassigned    | Unassigned   |                       |
   +------------+---------------+--------------+-----------------------+

   In addition, IANA is asked to register the following address space
   for "Special-Use":

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
   +------------+---------------+--------------+-----------------------+

   After the requested modification, the "BGPsec Algorithm Suite
   Registry" in the RPKI group should contain the following values:

                     BGPsec Algorithm Suite Registry

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0x00       | Reserved      | Reserved     | This document         |
   +------------+---------------+--------------+-----------------------+
   | 0x01       | SHA-256       | ECDSA P-256  | [SHS] [DSS] [RFC6090] |
   |            |               |              | This document         |
   +------------+---------------+--------------+-----------------------+
   | 0x02-0xFA  | Unassigned    | Unassigned   |                       |
   +------------+---------------+--------------+-----------------------+
   | 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
   +------------+---------------+--------------+-----------------------+
   | 0xFF       | Reserved      | Reserved     | This document         |
   +------------+---------------+--------------+-----------------------+

   Future assignments are to be made using the Standards Action process
   defined in [RFC8126].  Assignments consist of the one-octet algorithm
   suite identifier value and the associated digest algorithm name and
   signature algorithm name.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2986]  Nystrom, M. and B. Kaliski, "PKCS #10: Certification
              Request Syntax Specification Version 1.7", RFC 2986,
              DOI 10.17487/RFC2986, November 2000.

   [RFC3279]  Bassham, L., Polk, W., and R. Housley, "Algorithms and
              Identifiers for the Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April
              2002.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              DOI 10.17487/RFC4211, September 2005.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5480]  Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk,
              "Elliptic Curve Cryptography Subject Public Key
              Information", RFC 5480, DOI 10.17487/RFC5480, March 2009.

   [RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
              Curve Cryptography Algorithms", RFC 6090,
              DOI 10.17487/RFC6090, February 2011.

   [RFC6916]  Gagliano, R., Kent, S., and S. Turner, "Algorithm Agility
              Procedure for the Resource Public Key Infrastructure
              (RPKI)", BCP 182, RFC 6916, DOI 10.17487/RFC6916, April
              2013.

   [RFC7935]  Huston, G. and G. Michaelson, Ed., "The Profile for
              Algorithms and Key Sizes for Use in the Resource Public
              Key Infrastructure", RFC 7935, DOI 10.17487/RFC7935,
              August 2016.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in
              RFC 2119 Key Words", BCP 14, RFC 8174,
              DOI 10.17487/RFC8174, May 2017.

   [RFC8205]  Lepinski, M., Ed., and K. Sriram, Ed., "BGPsec Protocol
              Specification", RFC 8205, DOI 10.17487/RFC8205, September
              2017.

   [RFC8208]  Turner, S. and O. Borchert, "BGPsec Algorithms, Key
              Formats, and Signature Formats", RFC 8208,
              DOI 10.17487/RFC8208, September 2017.

   [RFC8209]  Reynolds, M., Turner, S., and S. Kent, "A Profile for
              BGPsec Router Certificates, Certificate Revocation Lists,
              and Certification Requests", RFC 8209,
              DOI 10.17487/RFC8209, September 2017.

   [DSS]      National Institute of Standards and Technology, "Digital
              Signature Standard (DSS)", NIST FIPS Publication 186-4,
              DOI 10.6028/NIST.FIPS.186-4, July 2013.

   [SHS]      National Institute of Standards and Technology, "Secure
              Hash Standard (SHS)", NIST FIPS Publication 180-4,
              DOI 10.6028/NIST.FIPS.180-4, August 2015.

8.2.  Informative References

   [RFC5398]  Huston, G., "Autonomous System (AS) Number Reservation for
              Documentation Use", RFC 5398, DOI 10.17487/RFC5398,
              December 2008.

   [RFC6979]  Pornin, T., "Deterministic Usage of the Digital Signature
              Algorithm (DSA) and Elliptic Curve Digital Signature
              Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August
              2013.

Appendix A.  Examples

A.1.  Topology and Experiment Description

   Topology:

   AS(64496)----AS(65536)----AS(65537)

   Prefix Announcement: AS(64496), 192.0.2.0/24, 2001:db8::/32

   The signature algorithm used in this example is ECDSA P-256 using the
   algorithm suite identifier ID 0x01 as specified in Section 7 of this
   document.

A.2.  Keys

   For this example, the ECDSA algorithm was provided with a static k to
   make the result deterministic.

   The k used for all signature operations was taken from [RFC6979],
   Appendix A.2.5, "Signatures With SHA-256, message = 'sample'".

     k = A6E3C57DD01ABE90086538398355DD4C
         3B17AA873382B0F24D6129493D8AAD60

   Keys of AS64496:
   ================
   ski: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154

   private key:
     x = D8AA4DFBE2478F86E88A7451BF075565
         709C575AC1C136D081C540254CA440B9

   public key:
     Ux = 7391BABB92A0CB3BE10E59B19EBFFB21
          4E04A91E0CBA1B139A7D38D90F77E55A
     Uy = A05B8E695678E0FA16904B55D9D4F5C0
          DFC58895EE50BC4F75D205A25BD36FF5

   Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
   --------------------------------------------------------------------
   Certificate:
       Data:
           Version: 3 (0x2)
           Serial Number: 38655612 (0x24dd67c)
       Signature Algorithm: ecdsa-with-SHA256
           Issuer: CN=ROUTER-0000FBF0
           Validity
               Not Before: Jan 1 05:00:00 2017 GMT
               Not After : Jul 1 05:00:00 2018 GMT
           Subject: CN=ROUTER-0000FBF0
           Subject Public Key Info:
               Public Key Algorithm: id-ecPublicKey
                   Public-Key: (256 bit)
                   pub:
                       04:73:91:ba:bb:92:a0:cb:3b:e1:0e:59:b1:9e:bf:
                       fb:21:4e:04:a9:1e:0c:ba:1b:13:9a:7d:38:d9:0f:
                       77:e5:5a:a0:5b:8e:69:56:78:e0:fa:16:90:4b:55:
                       d9:d4:f5:c0:df:c5:88:95:ee:50:bc:4f:75:d2:05:
                       a2:5b:d3:6f:f5
                   ASN1 OID: prime256v1
           X509v3 extensions:
               X509v3 Key Usage:
                   Digital Signature
               X509v3 Subject Key Identifier:
                   AB:4D:91:0F:55:CA:E7:1A:21:5E:
                   F3:CA:FE:3A:CC:45:B5:EE:C1:54
               X509v3 Extended Key Usage:
                   1.3.6.1.5.5.7.3.30
               sbgp-autonomousSysNum: critical
                   Autonomous System Numbers:
                     64496
                   Routing Domain Identifiers:
                     inherit

       Signature Algorithm: ecdsa-with-SHA256
            30:44:02:20:07:b7:b4:6a:5f:a4:f1:cc:68:36:39:03:a4:83:
            ec:7c:80:02:d2:f6:08:9d:46:b2:ec:2a:7b:e6:92:b3:6f:b1:
            02:20:00:91:05:4a:a1:f5:b0:18:9d:27:24:e8:b4:22:fd:d1:
            1c:f0:3d:b1:38:24:5d:64:29:35:28:8d:ee:0c:38:29

   Keys of AS(65536):
   ==================
   ski: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC

   private key:
     x = 6CB2E931B112F24554BCDCAAFD9553A9
         519A9AF33C023B60846A21FC95583172

   public key:
     Ux = 28FC5FE9AFCF5F4CAB3F5F85CB212FC1
          E9D0E0DBEAEE425BD2F0D3175AA0E989
     Uy = EA9B603E38F35FB329DF495641F2BA04
          0F1C3AC6138307F257CBA6B8B588F41F

   Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
   --------------------------------------------------------------------
   Certificate:
       Data:
           Version: 3 (0x2)
           Serial Number: 3752143940 (0xdfa52c44)
       Signature Algorithm: ecdsa-with-SHA256
           Issuer: CN=ROUTER-00010000
           Validity
               Not Before: Jan 1 05:00:00 2017 GMT
               Not After : Jul 1 05:00:00 2018 GMT
           Subject: CN=ROUTER-00010000
           Subject Public Key Info:
               Public Key Algorithm: id-ecPublicKey
                   Public-Key: (256 bit)
                   pub:
                       04:28:fc:5f:e9:af:cf:5f:4c:ab:3f:5f:85:cb:21:
                       2f:c1:e9:d0:e0:db:ea:ee:42:5b:d2:f0:d3:17:5a:
                       a0:e9:89:ea:9b:60:3e:38:f3:5f:b3:29:df:49:56:
                       41:f2:ba:04:0f:1c:3a:c6:13:83:07:f2:57:cb:a6:
                       b8:b5:88:f4:1f
                   ASN1 OID: prime256v1
           X509v3 extensions:
               X509v3 Key Usage:
                   Digital Signature
               X509v3 Subject Key Identifier:
                   47:F2:3B:F1:AB:2F:8A:9D:26:86:
                   4E:BB:D8:DF:27:11:C7:44:06:EC
               X509v3 Extended Key Usage:
                   1.3.6.1.5.5.7.3.30
               sbgp-autonomousSysNum: critical
                   Autonomous System Numbers:
                     65536
                   Routing Domain Identifiers:
                     inherit

       Signature Algorithm: ecdsa-with-SHA256
            30:45:02:21:00:8c:d9:f8:12:96:88:82:74:03:a1:82:82:18:
            c5:31:00:ee:35:38:e8:fa:ae:72:09:fe:98:67:01:78:69:77:
            8c:02:20:5f:ee:3a:bf:10:66:be:28:d3:b3:16:a1:6b:db:66:
            21:99:ed:a6:e4:ad:64:3c:ba:bf:44:fb:cb:b7:50:91:74

A.3.  BGPsec IPv4

   BGPsec IPv4 UPDATE from AS(65536) to AS(65537):
   ===============================================
   Binary Form of BGPsec UPDATE (TCP-DUMP):

   FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
   01 03 02 00 00 00 EC 40 01 01 02 80 04 04 00 00
   00 00 80 0E 0D 00 01 01 04 C6 33 64 64 00 18 C0
   00 02 90 1E 00 CD 00 0E 01 00 00 01 00 00 01 00
   00 00 FB F0 00 BF 01 47 F2 3B F1 AB 2F 8A 9D 26
   86 4E BB D8 DF 27 11 C7 44 06 EC 00 48 30 46 02
   21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD 9C D4 5E
   81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E A8 4E AF
   37 16 02 21 00 90 F2 C1 29 AB B2 F3 9B 6A 07 96
   3B D5 55 A8 7A B2 B7 33 3B 7B 91 F1 66 8F D8 61
   8C 83 FA C3 F1 AB 4D 91 0F 55 CA E7 1A 21 5E F3
   CA FE 3A CC 45 B5 EE C1 54 00 48 30 46 02 21 00
   EF D4 8B 2A AC B6 A8 FD 11 40 DD 9C D4 5E 81 D6
   9D 2C 87 7B 56 AA F9 91 C3 4D 0E A8 4E AF 37 16
   02 21 00 8E 21 F6 0E 44 C6 06 6C 8B 8A 95 A3 C0
   9D 3A D4 37 95 85 A2 D7 28 EE AD 07 A1 7E D7 AA
   05 5E CA

   Signature from AS(64496) to AS(65536):
   --------------------------------------
   Digest:    21 33 E5 CA A0 26 BE 07 3D 9C 1B 4E FE B9 B9 77
              9F 20 F8 F5 DE 29 FA 98 40 00 9F 60 47 D0 81 54
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 8E 21 F6 0E 44 C6 06 6C
              8B 8A 95 A3 C0 9D 3A D4 37 95 85 A2 D7 28 EE AD
              07 A1 7E D7 AA 05 5E CA

   Signature from AS(65536) to AS(65537):
   --------------------------------------
   Digest:    01 4F 24 DA E2 A5 21 90 B0 80 5C 60 5D B0 63 54
              22 3E 93 BA 41 1D 3D 82 A3 EC 26 36 52 0C 5F 84
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 90 F2 C1 29 AB B2 F3 9B
              6A 07 96 3B D5 55 A8 7A B2 B7 33 3B 7B 91 F1 66
              8F D8 61 8C 83 FA C3 F1

   The human-readable output is produced using bgpsec-io, a BGPsec
   traffic generator that uses a Wireshark-like printout.

   Send UPDATE Message
     +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     +--length: 259
     +--type: 2 (UPDATE)
     +--withdrawn_routes_length: 0
     +--total_path_attr_length: 236
        +--ORIGIN: INCOMPLETE (4 bytes)
        |  +--Flags: 0x40 (Well-Known, Transitive, Complete)
        |  +--Type Code: ORIGIN (1)
        |  +--Length: 1 byte
        |  +--Origin: INCOMPLETE (1)
        +--MULTI_EXIT_DISC (7 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MULTI_EXIT_DISC (4)
        |  +--Length: 4 bytes
        |  +--data: 00 00 00 00
        +--MP_REACH_NLRI (16 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MP_REACH_NLRI (14)
        |  +--Length: 13 bytes
        |  +--Address family: IPv4 (1)
        |  +--Subsequent address family identifier: Unicast (1)
        |  +--Next hop network address: (4 bytes)
        |  |  +--Next hop: 198.51.100.100
        |  +--Subnetwork points of attachment: 0
        |  +--Network layer reachability information: (4 bytes)
        |     +--192.0.2.0/24
        |     +--MP Reach NLRI prefix length: 24
        |     +--MP Reach NLRI IPv4 prefix: 192.0.2.0
        +--BGPSEC Path Attribute (209 bytes)
           +--Flags: 0x90 (Optional, Complete, Extended Length)
           +--Type Code: BGPSEC Path Attribute (30)
           +--Length: 205 bytes
           +--Secure Path (14 bytes)
           |  +--Length: 14 bytes
           |  +--Secure Path Segment: (6 bytes)
           |  |  +--pCount: 1
           |  |  +--Flags: 0
           |  |  +--AS number: 65536 (1.0)
           |  +--Secure Path Segment: (6 bytes)
           |     +--pCount: 1
           |     +--Flags: 0
           |     +--AS number: 64496 (0.64496)
           +--Signature Block (191 bytes)
              +--Length: 191 bytes
              +--Algo ID: 1
              +--Signature Segment: (94 bytes)
              |  +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
              |  +--Length: 72 bytes
              |  +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
              |                9CD45E81D69D2C87 7B56AAF991C34D0E
              |                A84EAF3716022100 90F2C129ABB2F39B
              |                6A07963BD555A87A B2B7333B7B91F166
              |                8FD8618C83FAC3F1
              +--Signature Segment: (94 bytes)
                 +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
                 +--Length: 72 bytes
                 +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
                               9CD45E81D69D2C87 7B56AAF991C34D0E
                               A84EAF3716022100 8E21F60E44C6066C
                               8B8A95A3C09D3AD4 379585A2D728EEAD
                               07A17ED7AA055ECA

A.4.  BGPsec IPv6

   BGPsec IPv6 UPDATE from AS(65536) to AS(65537):
   ===============================================
   Binary Form of BGP/BGPsec UPDATE (TCP-DUMP):

   FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
   01 10 02 00 00 00 F9 40 01 01 02 80 04 04 00 00
   00 00 80 0E 1A 00 02 01 10 20 01 00 10 00 00 00
   00 00 00 00 00 C6 33 64 64 00 20 20 01 0D B8 90
   1E 00 CD 00 0E 01 00 00 01 00 00 01 00 00 00 FB
   F0 00 BF 01 47 F2 3B F1 AB 2F 8A 9D 26 86 4E BB
   D8 DF 27 11 C7 44 06 EC 00 48 30 46 02 21 00 EF
   D4 8B 2A AC B6 A8 FD 11 40 DD 9C D4 5E 81 D6 9D
   2C 87 7B 56 AA F9 91 C3 4D 0E A8 4E AF 37 16 02
   21 00 D1 B9 4F 62 51 04 6D 21 36 A1 05 B0 F4 72
   7C C5 BC D6 74 D9 7D 28 E6 1B 8F 43 BD DE 91 C3
   06 26 AB 4D 91 0F 55 CA E7 1A 21 5E F3 CA FE 3A
   CC 45 B5 EE C1 54 00 48 30 46 02 21 00 EF D4 8B
   2A AC B6 A8 FD 11 40 DD 9C D4 5E 81 D6 9D 2C 87
   7B 56 AA F9 91 C3 4D 0E A8 4E AF 37 16 02 21 00
   E2 A0 2C 68 FE 53 CB 96 93 4C 78 1F 5A 14 A2 97
   19 79 20 0C 91 56 ED F8 55 05 8E 80 53 F4 AC D3

   Signature from AS(64496) to AS(65536):
   --------------------------------------
   Digest:    8A 0C D3 E9 8E 55 10 45 82 1D 80 46 01 D6 55 FC
              52 11 89 DF 4D B0 28 7D 84 AC FC 77 55 6D 06 C7
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 E2 A0 2C 68 FE 53 CB 96
              93 4C 78 1F 5A 14 A2 97 19 79 20 0C 91 56 ED F8
              55 05 8E 80 53 F4 AC D3

   Signature from AS(65536) to AS(65537):
   --------------------------------------
   Digest:    44 49 EC 70 8D EC 5C 85 00 C2 17 8C 72 FE 4C 79
              FF A9 3C 95 31 61 01 2D EE 7E EE 05 46 AF 5F D0
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 D1 B9 4F 62 51 04 6D 21
              36 A1 05 B0 F4 72 7C C5 BC D6 74 D9 7D 28 E6 1B
              8F 43 BD DE 91 C3 06 26

   The human-readable output is produced using bgpsec-io, a BGPsec
   traffic generator that uses a Wireshark-like printout.

   Send UPDATE Message
     +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     +--length: 272
     +--type: 2 (UPDATE)
     +--withdrawn_routes_length: 0
     +--total_path_attr_length: 249
        +--ORIGIN: INCOMPLETE (4 bytes)
        |  +--Flags: 0x40 (Well-Known, Transitive, Complete)
        |  +--Type Code: ORIGIN (1)
        |  +--Length: 1 byte
        |  +--Origin: INCOMPLETE (1)
        +--MULTI_EXIT_DISC (7 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MULTI_EXIT_DISC (4)
        |  +--Length: 4 bytes
        |  +--data: 00 00 00 00
        +--MP_REACH_NLRI (29 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MP_REACH_NLRI (14)
        |  +--Length: 26 bytes
        |  +--Address family: IPv6 (2)
        |  +--Subsequent address family identifier: Unicast (1)
        |  +--Next hop network address: (16 bytes)
        |  |  +--Next hop: 2001:0010:0000:0000:0000:0000:c633:6464
        |  +--Subnetwork points of attachment: 0
        |  +--Network layer reachability information: (5 bytes)
        |     +--2001:db8::/32
        |     +--MP Reach NLRI prefix length: 32
        |     +--MP Reach NLRI IPv6 prefix: 2001:db8::
        +--BGPSEC Path Attribute (209 bytes)
           +--Flags: 0x90 (Optional, Complete, Extended Length)
           +--Type Code: BGPSEC Path Attribute (30)
           +--Length: 205 bytes
           +--Secure Path (14 bytes)
           |  +--Length: 14 bytes
           |  +--Secure Path Segment: (6 bytes)
           |  |  +--pCount: 1
           |  |  +--Flags: 0
           |  |  +--AS number: 65536 (1.0)
           |  +--Secure Path Segment: (6 bytes)
           |     +--pCount: 1
           |     +--Flags: 0
           |     +--AS number: 64496 (0.64496)
           +--Signature Block (191 bytes)
              +--Length: 191 bytes
              +--Algo ID: 1
              +--Signature Segment: (94 bytes)
              |  +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
              |  +--Length: 72 bytes
              |  +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
              |                9CD45E81D69D2C87 7B56AAF991C34D0E
              |                A84EAF3716022100 D1B94F6251046D21
              |                36A105B0F4727CC5 BCD674D97D28E61B
              |                8F43BDDE91C30626
              +--Signature Segment: (94 bytes)
                 +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
                 +--Length: 72 bytes
                 +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
                               9CD45E81D69D2C87 7B56AAF991C34D0E
                               A84EAF3716022100 E2A02C68FE53CB96
                               934C781F5A14A297 1979200C9156EDF8
                               55058E8053F4ACD3

Acknowledgements

   The authors wish to thank Geoff Huston and George Michaelson for
   producing [RFC7935], which this document is entirely based on.  The
   authors would also like to thank Roque Gagliano, David Mandelberg,
   Tom Petch, Sam Weiler, and Stephen Kent for their reviews and
   comments.  Mehmet Adalier, Kotikalapudi Sriram, and Doug Montgomery
   were instrumental in developing the test vectors found in Appendix A.
   Additionally, we want to thank Geoff Huston, author of [RFC5398],
   from which we borrowed wording for Section 2.1 of this document.

Authors' Addresses

   Sean Turner
   sn3rd

   Email: sean@sn3rd.com

   Oliver Borchert
   NIST
   100 Bureau Drive
   Gaithersburg, MD 20899
   United States of America

   Email: oliver.borchert@nist.gov