Network Working Group                                            R. Bush
Internet-Draft                                 Internet Initiative Japan
Intended status: Standards Track                                K. Patel
Expires: April 02, 2013                                    Cisco Systems
                                                               S. Turner
                                                              IECA, Inc.
                                                            October 2012


                Router Key PDU for RPKI-Router Protocol
                       draft-ymbk-rpki-rtr-keys-00

Abstract

   The RPKI/Router Protocol v0 is specified to carry the PDUs necessary
   for RPKI-based Origin Validation.  For BGPsec Path Validation, the
   routers also need data extracted from BGPsec Router Certificates.
   This document adds a PDU to the RPKI/Router Protocol to carry those
   data.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 02, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (http://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

   This document may not be modified, and derivative works of it may not
   be created, and it may not be published except as an Internet-Draft.

1.  Introduction

   The RPKI/Router Protocol v0, see [I-D.ietf-sidr-rpki-rtr], defines
   the PDUs necessary for RPKI-based Origin Validation.  For BGPsec Path
   Validation ([I-D.ietf-sidr-bgpsec-protocol]), the routers also need
   data extracted from BGPsec Router Certificates, which are described in
   Section 3.1 of [I-D.ietf-sidr-bgpsec-pki-profiles].  This document
   adds a PDU to the RPKI/Router Protocol to carry those data.

   This is a temporary design document intended to work out the design
   of the PDU.  How the RPKI/Router protocol specification is enhanced
   to include this PDU will be dealt with later.

2.  The Data Needed by the Router

   As in the RPKI/Router protocol, very little of the data in the RPKI
   is actually needed by the router.  Only those data required by the
   router are carried in this PDU.  In addition to the normal
   boilerplate fields of an RPKI/Router PDU (Protocol Version, Serial
   Number, and Flags), the Router Key PDU has the following fields:

   PDU Type:  An eight-bit unsigned integer with the value 9.

   AS Number:  The 4-byte Autonomous System Number (AS or ASN) of the
      router extracted from [I-D.ietf-sidr-bgpsec-pki-profiles] Section
      3.1.1.1 (sic).

   Subject Key Identifier:  The 20 octet subjectKeyIdentifier (SKI) as
      described in Section 4.8.2 of [RFC6487].

   Subject Public Key Info:  The router's subjectPublicKeyInfo (SPKI) as
      described in Section 3.1 of [I-D.ietf-sidr-bgpsec-algs].  The
      first two octets of the SPKI are the Tag (currently 0x30) and the
      Length (currently 0x59) of the SPKI.
      They are followed by an algorithmIdentifier and a subjectPublicKey.

3.  The PDU Format

       0          8          16         24        31
       .-------------------------------------------.
       | Protocol |   PDU    |                     |
       | Version  |   Type   |   reserved = zero   |
       |    42    |    9     |                     |
       +-------------------------------------------+
       |                                           |
       |                  Length                   |
       |                                           |
       +-------------------------------------------+
       |                                           |
       |                 AS Number                 |
       |                                           |
       +-------------------------------------------+
       |                                           |
       |                                           |
       |           subjectKeyIdentifier            |
       |                20 octets                  |
       |                                           |
       |                                           |
       +-------------------------------------------+
       |  Flags   |                                |
       +----------'                                |
       |                                           |
       |           subjectPublicKeyInfo            |
       |                                           |
       |                                           |
       `-------------------------------------------'

4.  IANA Considerations

   This document requests the IANA to modify the registry for tuples of
   Protocol Version / PDU Type, to add the PDU Type 9 as follows:

      Protocol
      Version   PDU Type
      --------  -------------------
      0         9 - Router Key

5.  References

5.1.  Normative References

   [I-D.ietf-sidr-bgpsec-algs]
              Turner, S., "BGP Algorithms, Key Formats, & Signature
              Formats", Internet-Draft draft-ietf-sidr-bgpsec-algs-03,
              September 2012.

   [I-D.ietf-sidr-bgpsec-pki-profiles]
              Reynolds, M., Turner, S., and S. Kent, "A Profile for
              BGPSEC Router Certificates, Certificate Revocation Lists,
              and Certification Requests", Internet-Draft draft-ietf-
              sidr-bgpsec-pki-profiles-03, April 2012.

   [I-D.ietf-sidr-rpki-rtr]
              Bush, R. and R. Austein, "The RPKI/Router Protocol",
              Internet-Draft draft-ietf-sidr-rpki-rtr-26, February 2012.

   [RFC6487]  Huston, G., Michaelson, G., and R. Loomans, "A Profile for
              X.509 PKIX Resource Certificates", RFC 6487, February
              2012.

5.2.  Informative References

   [I-D.ietf-sidr-bgpsec-protocol]
              Lepinski, M., "BGPSEC Protocol Specification", Internet-
              Draft draft-ietf-sidr-bgpsec-protocol-05, September 2012.
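   The following is an added example (not part of the draft) that encodes
   and parses the Router Key PDU laid out in Sections 2 and 3, with the
   consistency checks a receiving router would want: the fixed PDU type,
   a 20-octet SKI, an SPKI whose DER Tag/Length match its size, and the
   SKI agreeing with the key as Section 4.8.2 of [RFC6487] constructs it.
   It assumes, as for other RPKI/Router PDUs, that Length covers the whole
   PDU and that the Flags octet sits immediately before the SPKI as drawn;
   the sample SPKI is constructed with a dummy point, not a real key.

```python
import hashlib
import struct

PDU_TYPE_ROUTER_KEY = 9
# Protocol Version, PDU Type, reserved, Length, AS Number, SKI (20 octets), Flags
HEADER = struct.Struct("!BBHII20sB")

# Constructed sample SPKI: an id-ecPublicKey/prime256v1 algorithmIdentifier and a
# BIT STRING whose 65-octet "point" is dummy data, not a real key.
ALG_ID = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")
POINT = b"\x04" + bytes(range(1, 65))
SAMPLE_SPKI = b"\x30\x59" + ALG_ID + b"\x03\x42\x00" + POINT   # Tag 0x30, Length 0x59
SAMPLE_SKI = hashlib.sha1(POINT).digest()   # built as RFC 6487 Section 4.8.2 prescribes

def check_spki(spki):
    """Section 2 fixes the SPKI's first octets as Tag 0x30 and a one-octet Length."""
    if spki[:1] != b"\x30" or 2 + spki[1] != len(spki):
        raise ValueError("SPKI is not a single short-form DER SEQUENCE")

def encode_router_key_pdu(version, asn, ski, spki, flags=0):
    """Build a Router Key PDU; Length is assumed to cover the whole PDU."""
    if len(ski) != 20:
        raise ValueError("SKI must be 20 octets")
    check_spki(spki)
    length = HEADER.size + len(spki)
    return HEADER.pack(version, PDU_TYPE_ROUTER_KEY, 0, length, asn, ski, flags) + spki

def decode_router_key_pdu(buf):
    """Parse a PDU, rejecting truncation, wrong type and inconsistent lengths."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated PDU")
    version, pdu_type, _reserved, length, asn, ski, flags = HEADER.unpack_from(buf)
    if pdu_type != PDU_TYPE_ROUTER_KEY:
        raise ValueError("not a Router Key PDU (type %d)" % pdu_type)
    if length != len(buf):
        raise ValueError("Length field does not match PDU size")
    spki = buf[HEADER.size:]
    check_spki(spki)
    return {"version": version, "asn": asn, "ski": ski, "flags": flags, "spki": spki}

def ski_matches_key(ski, spki):
    """SKI must equal the SHA-1 of the subjectPublicKey BIT STRING value (tag, length
    and unused-bits octet excluded), per RFC 6487 Section 4.8.2."""
    body = spki[2:]                          # contents of the outer SEQUENCE
    bitstr = body[2 + body[1]:]              # skip the algorithmIdentifier SEQUENCE
    if bitstr[:1] != b"\x03":
        raise ValueError("subjectPublicKey is not a BIT STRING")
    return hashlib.sha1(bitstr[3:3 + bitstr[1] - 1]).digest() == ski
```

   A PDU whose SKI does not match its own key, or whose Length disagrees
   with the bytes received, is rejected before any key is installed.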
Authors' Addresses

   Randy Bush
   Internet Initiative Japan
   5147 Crystal Springs
   Bainbridge Island, Washington 98110
   US

   Email: randy@psg.com

   Keyur Patel
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA 95134
   USA

   Email: keyupate@cisco.com

   Sean Turner
   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, Virginia 22031
   US

   Email: turners@ieca.com