Network Working Group                                            R. Bush
Internet-Draft                                 Internet Initiative Japan
Intended status: Standards Track                                K. Patel
Expires: October 11, 2013                                  Cisco Systems
                                                               S. Turner
                                                              IECA, Inc.
                                                          April 09, 2013


                 Router Key PDU for RPKI-Router Protocol
                       draft-ymbk-rpki-rtr-keys-01

Abstract

   The RPKI/Router Protocol v0 is specified to carry the PDUs necessary
   for RPKI-based Origin Validation.  For BGPsec Path Validation, the
   routers also need data extracted from BGPsec Router Certificates.
   This document adds a PDU to the RPKI/Router Protocol to carry those
   data.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 11, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
   This document may not be modified, and derivative works of it may not
   be created, and it may not be published except as an Internet-Draft.

Table of Contents

   1.  Introduction
   2.  The Data Needed by the Router
   3.  The PDU Format
   4.  IANA Considerations
   5.  References
     5.1.  Normative References
     5.2.  Informative References
   Authors' Addresses

1.  Introduction

   The RPKI/Router Protocol v0, see [RFC6810], defines the PDUs
   necessary for RPKI-based Origin Validation.  For BGPsec Path
   Validation ([I-D.ietf-sidr-bgpsec-protocol]), the routers also need
   data extracted from BGPsec Router Certificates, which are described
   in Section 3.1 of [I-D.ietf-sidr-bgpsec-pki-profiles].  This
   document adds a PDU to the RPKI/Router Protocol to carry those data.

   This is a temporary design document intended to work out the design
   of the PDU.  How the RPKI/Router protocol specification is enhanced
   to include this PDU will be dealt with later.

2.  The Data Needed by the Router

   As in the RPKI/Router protocol v0, very little of the data in the
   RPKI is actually needed by the router.  Only those data required by
   the router are carried in this PDU.  In addition to the normal
   boilerplate fields of an RPKI/Router PDU (Protocol Version, Serial
   Number, and Flags), the Router Key PDU has the following fields:

   PDU Type:  An eight-bit unsigned integer with the value 9.

   AS Number:  The 4-byte Autonomous System Number (AS or ASN) of the
      router extracted from [I-D.ietf-sidr-bgpsec-pki-profiles]
      Section 3.1.1.1 (sic).
   Subject Key Identifier:  The 20 octet subjectKeyIdentifier (SKI) as
      described in Section 4.8.2 of [RFC6487].

   Subject Public Key Info:  The router's subjectPublicKeyInfo (SPKI) as
      described in section 3.1 of [I-D.ietf-sidr-bgpsec-algs].  The
      first two octets of the SPKI are the Tag (currently 0x30) and the
      Length (currently 0x59) of the SPKI.  They are followed by an
      algorithmIdentifier and a subjectPublicKey.

3.  The PDU Format

   0          8          16         24        31
   .-------------------------------------------.
   | Protocol |   PDU    |                     |
   | Version  |   Type   |   reserved = zero   |
   |    42    |    9     |                     |
   +-------------------------------------------+
   |                                           |
   |                  Length                   |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |                AS Number                  |
   |                                           |
   +-------------------------------------------+
   |                                           |
   |                                           |
   |           subjectKeyIdentifier            |
   |                20 octets                  |
   |                                           |
   |                                           |
   +-------------------------------------------+
   |  Flags   |                                |
   +----------'                                |
   |                                           |
   |           subjectPublicKeyInfo            |
   |                                           |
   |                                           |
   `-------------------------------------------'

4.  IANA Considerations

   This document requests the IANA to modify the registry for tuples of
   Protocol Version / PDU Type, to add the PDU Type 9 as follows:

   Protocol
   Version   PDU Type
   --------  -------------------
   0         9 - Router Key

5.  References

5.1.  Normative References

   [I-D.ietf-sidr-bgpsec-algs]
              Turner, S., "BGP Algorithms, Key Formats, & Signature
              Formats", draft-ietf-sidr-bgpsec-algs-04 (work in
              progress), March 2013.

   [I-D.ietf-sidr-bgpsec-pki-profiles]
              Reynolds, M., Turner, S., and S. Kent, "A Profile for
              BGPSEC Router Certificates, Certificate Revocation Lists,
              and Certification Requests",
              draft-ietf-sidr-bgpsec-pki-profiles-04 (work in
              progress), October 2012.

   [RFC6487]  Huston, G., Michaelson, G., and R. Loomans, "A Profile for
              X.509 PKIX Resource Certificates", RFC 6487, February
              2012.

   [RFC6810]  Bush, R. and R. Austein, "The Resource Public Key
              Infrastructure (RPKI) to Router Protocol", RFC 6810,
              January 2013.

5.2.  Informative References

   [I-D.ietf-sidr-bgpsec-protocol]
              Lepinski, M., "BGPSEC Protocol Specification",
              draft-ietf-sidr-bgpsec-protocol-07 (work in progress),
              February 2013.

Authors' Addresses

   Randy Bush
   Internet Initiative Japan
   5147 Crystal Springs
   Bainbridge Island, Washington  98110
   US

   Email: randy@psg.com


   Keyur Patel
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA  95134
   USA

   Email: keyupate@cisco.com


   Sean Turner
   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, Virginia  22031
   US

   Email: turners@ieca.com
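   Worked example for Sections 2 and 3.  The encoder/decoder below is
   added here as an illustration; it is not part of the draft and not
   code from any RPKI-Router implementation.  Where the draft is silent
   it assumes the RFC 6810 conventions: the Length field counts the
   whole PDU in octets including the 8-octet header, and the low bit of
   the Flags octet means announce (set) or withdraw (clear).  It also
   assumes short-form DER lengths, which holds for the 91-octet P-256
   SPKI the draft describes (Tag 0x30, Length 0x59).  The sample key is
   a constructed placeholder, not a real router key.  Beyond the wire
   layout, the decoder cross-checks the SKI against the SHA-1 of the
   subjectPublicKey bits, the derivation RFC 6487 Section 4.8.2
   prescribes, so a PDU whose SKI and key disagree is rejected rather
   than installed.

```python
"""Encoder/decoder for the Router Key PDU of draft-ymbk-rpki-rtr-keys-01.

Added illustration, not code from the draft or any RPKI-RTR implementation.
Assumptions not stated in the draft: Length counts the entire PDU including
the 8-octet header (RFC 6810 convention); Flags bit 0 set = announce
(RFC 6810 convention); SPKI uses short-form DER lengths (true for P-256).
"""
import hashlib
import struct
from dataclasses import dataclass

PDU_TYPE_ROUTER_KEY = 9
HEADER_FMT = "!BBHI"                       # Protocol Version, PDU Type, reserved, Length
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 8 octets
SKI_LEN = 20
FLAG_ANNOUNCE = 0x01


def _der_tlv(buf: bytes, off: int):
    """Return (tag, value, next_offset) for a short-form DER TLV at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[off], buf[off + 1]
    if length & 0x80:
        raise ValueError("long-form DER length not expected in a router SPKI")
    end = off + 2 + length
    if end > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[off + 2:end], end


def subject_public_key_bits(spki: bytes) -> bytes:
    """Walk SEQUENCE { algorithmIdentifier, subjectPublicKey } and return
    the BIT STRING contents with the unused-bits octet removed."""
    tag, seq, end = _der_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("SPKI is not a single DER SEQUENCE")
    alg_tag, _alg, off = _der_tlv(seq, 0)          # algorithmIdentifier
    if alg_tag != 0x30:
        raise ValueError("algorithmIdentifier is not a SEQUENCE")
    bs_tag, bitstr, off = _der_tlv(seq, off)       # subjectPublicKey
    if bs_tag != 0x03 or off != len(seq) or not bitstr or bitstr[0] != 0:
        raise ValueError("malformed subjectPublicKey BIT STRING")
    return bitstr[1:]


def compute_ski(spki: bytes) -> bytes:
    """SKI per RFC 6487 4.8.2 (RFC 5280 4.2.1.2 method 1): SHA-1 of the key bits."""
    return hashlib.sha1(subject_public_key_bits(spki)).digest()


@dataclass
class RouterKeyPDU:
    version: int
    asn: int
    ski: bytes
    flags: int
    spki: bytes

    def encode(self) -> bytes:
        """Serialize: header, AS Number, SKI, Flags, then the raw SPKI DER."""
        if len(self.ski) != SKI_LEN:
            raise ValueError("SKI must be exactly 20 octets")
        if not 0 <= self.asn <= 0xFFFFFFFF:
            raise ValueError("AS number must fit in 4 octets")
        subject_public_key_bits(self.spki)          # reject malformed DER early
        body = struct.pack("!I", self.asn) + self.ski + bytes([self.flags & 0xFF]) + self.spki
        return struct.pack(HEADER_FMT, self.version, PDU_TYPE_ROUTER_KEY, 0,
                           HEADER_LEN + len(body)) + body


def decode(buf: bytes, check_ski: bool = True) -> RouterKeyPDU:
    """Parse one Router Key PDU, enforcing Length, reserved=0 and SKI/key agreement."""
    if len(buf) < HEADER_LEN:
        raise ValueError("short PDU header")
    version, pdu_type, reserved, length = struct.unpack(HEADER_FMT, buf[:HEADER_LEN])
    if pdu_type != PDU_TYPE_ROUTER_KEY:
        raise ValueError(f"not a Router Key PDU (type {pdu_type})")
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    if length != len(buf):
        raise ValueError(f"Length field {length} != {len(buf)} octets received")
    fixed = HEADER_LEN + 4 + SKI_LEN + 1            # everything before the SPKI
    if length < fixed + 2:
        raise ValueError("PDU too short to hold AS number, SKI, Flags and SPKI")
    asn = struct.unpack("!I", buf[HEADER_LEN:HEADER_LEN + 4])[0]
    ski = buf[HEADER_LEN + 4:HEADER_LEN + 4 + SKI_LEN]
    flags = buf[fixed - 1]
    spki = buf[fixed:]
    if check_ski and compute_ski(spki) != ski:
        raise ValueError("SKI does not match SHA-1 of subjectPublicKey")
    return RouterKeyPDU(version, asn, ski, flags, spki)


# Constructed sample: the P-256 AlgorithmIdentifier followed by a placeholder
# 65-octet uncompressed point (0x04 || 32 x 0x11 || 32 x 0x22). Not a real key.
_ALG_ID = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")
_POINT = b"\x04" + b"\x11" * 32 + b"\x22" * 32
_BITSTR = b"\x03" + bytes([len(_POINT) + 1]) + b"\x00" + _POINT
SAMPLE_SPKI = b"\x30" + bytes([len(_ALG_ID) + len(_BITSTR)]) + _ALG_ID + _BITSTR   # 0x30 0x59 ...


def roundtrip_sample() -> RouterKeyPDU:
    """Build a PDU for a documentation ASN, serialize it, and parse it back."""
    pdu = RouterKeyPDU(version=0, asn=64496, ski=compute_ski(SAMPLE_SPKI),
                       flags=FLAG_ANNOUNCE, spki=SAMPLE_SPKI)
    return decode(pdu.encode())


if __name__ == "__main__":
    pdu = roundtrip_sample()
    print(f"AS{pdu.asn} flags={pdu.flags} SKI={pdu.ski.hex()} SPKI={len(pdu.spki)} octets")
```

   Run directly, it prints the decoded sample.  The wire image is 124
   octets: 8 (header) + 4 (AS Number) + 20 (SKI) + 1 (Flags) + 91
   (SPKI), which is the layout of the figure in Section 3 with the
   Flags octet immediately followed by the SPKI.  A cache that emits
   this PDU should derive the SKI from the certificate rather than trust
   a stored value, and a router should verify the two agree, since a
   mismatched SKI would make BGPsec signature lookups fail silently.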