Network Working Group | T. Bruijnzeels |
Internet-Draft | RIPE NCC |
Intended status: Standards Track | C. Martinez |
Expires: May 17, 2018 | LACNIC |
November 13, 2017 |
RPKI signed object for TAL
draft-ietf-sidrops-signed-tal-00
Trust Anchor Locators (TALs) [RFC7730] are used by Relying Parties in the RPKI to locate and validate Trust Anchor certificates used in RPKI validation. This document defines an RPKI signed object [RFC6488] for a Trust Anchor Locator (TAL) that can be published by Trust Anchor to communicate a new TAL to already deployed Relying Parties. The two primary use cases for this are that 1) a Trust Anchor may wish to change the locations where its TA certificate may be found, and 2) a Trust Anchor may wish to perform a planned migration to a new key. Note that unplanned key rolls are considered out of scope for this document.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 17, 2018.
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
Trust Anchor Locator (TAL) files [RFC7730] are used in the Resource Public Key Infrastructure (RPKI) to help Relying Parties locate and verify a trust anchor certificate. A TAL file consists of:
The TAL can be distributed out-of-band to Relying Parties (RP), and it allows the RP to retrieve the most recent version of the Trust Anchor (TA) certificate from the cited location, and verify that public key of this certificate matches the TAL. This is useful as it allows selected data in the trust anchor to change, without needing to effect redistribution of the trust anchor per se. In particular the Internet Number Resources (INRs) extension [RFC3779] and the publication points defined in the Subject Information Access [RFC6487] may be updated this way.
The assumption is that both the URIs and key of the TA certificate remain stable. However, an organisation operating a TA may wish to change either of these properties, because of a need to:
In this document we describe a method for TA operators to publish a an updated TAL in a secure a well-defined fashion, so that RPs can be alerted about these changes.
Note that [RFC5011] describes Automated Updates of DNS Security (DNSSEC) Trust Anchors and can provide some useful insight here as well. However, concepts like a set of Trust Anchors, standby Trust Anchors, and TTLs are not applicable to the RPKI. Therefore we believe that an alternative approach based on already existing concept of the Trust Anchor Locator [RFC7730] is appropriate.
A signed TAL is an RPKI signed object, as specified in [RFC6488]. The RPKI signed object template requires specification of the following data elements in the context of the manifest structure.
This document requests an OID for signed-Tal as follows:
signed-Tal OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 id-smime (1) TBD }
This OID MUST appear both within the eContentType in the encapContentInfo object as well as the content-type signed attribute in the signerInfo object (see [RFC6488]).
The content of a Signed TAL is ASN.1 encoded using the Distinguished Encoding Rules (DER) [X.690], and is defined as follows:
SignedTalContent ::= IA5String
The "SignedTalContent" contains the content of the new TAL encoded in Base64 [RFC4648].
Before a Relying Party can use a Signed TAL, the relying party MUST first validate the Signed TAL. To validate a Signed TAL, the relying party MUST perform all the validation checks specified in [RFC6488] as well as the following additional specific validation step.
If the above procedure indicates that the manifest is invalid, then the Signed TAL MUST be discarded and treated as though no Signed TAL were present.
A TA MAY choose to generate a single Singed TAL object to publish in its TA certificate publication point(s) in the RPKI. The TA MUST perform the following steps to generate the Signed TAL:
A TA MAY publish a single Signed TAL object directly under its CA repository publication points. A non-normative guideline for naming this object is that the filename chosen for the signed TAL in the publication repository be a value derived from the public key part of the entity's key pair, using the algorithm described for CRLs in section 2.2 of [RFC6481] for generation of filenames. The filename extension of ".tal" MUST be used to denote the object as a signed TAL. Note that this is in-line with filename extensions defined in section 7.2 of [RFC6481].
A Signed TAL MAY be used to communicate a planned key roll for the TA.
Prior to publishing the Signed TAL for the new key the TA MUST perform the following steps:
After these steps are performed a new Signed TAL MUST be generated as described in Section 4, and published as described in Section 5.
The staging period is initiated by the initial publication of a Signed TAL for the new key and must be last at least 24 HOURS. During the staging period the TA MUST continue to operate both the old and the new TA key. Note that this is the same staging period used for key roll of normal CAs in the RPKI, described in [RFC6489].
The TA SHOULD preserve a Signed TAL for the old key after the staging period as a hint for RPs that missed the key roll. The following process can be used to achieve this:
The TA SHOULD retire and delete its old key after the staging period is over.
When an RP discovers a valid Signed TAL signed under a TA, and it notices that the contained TAL is different from its current TAL for this TA and that the "subjectPublicKeyInfo" has changed, then the RP MUST replace the TAL for this TA with the new TAL, abort the current top-down validation operation, and initiate a new top-down validation operation using the updated TAL.
It is RECOMMENDED that the software informs the operator of this event.
A signed TAL MAY be used to communicate an addition or removal of one or more publication locations where the TA certificate can be found.
When adding a publication point for a TA certificate, the TA MUST publish the certificate in the new location(s) prior to publication of the Signed TAL.
When removing a publication point for TA certificate, the TA SHOULD observe a staging period of at least 24 Hours. The staging period is initiated by the publication of an updated Signed TAL where the publication point has been removed. During the staging period the TA SHOULD keep the old publication point up to date and available.
It is RECOMMENDED that a Trust Anchor publishes a valid Signed TAL for what it believes its current TAL should be at all times.
When an RP discovers a valid Signed TAL signed under a TA, and it notices that the contained TAL is different from its current TAL for this TA and that the "subjectPublicKeyInfo" has not changed, then the RP MUST replace the TAL for this TA with the new TAL for future use, but can continue the current top-down validation operation.
It is RECOMMENDED that the software informs the operator of this event.
IANA is to add the following to the "RPKI Signed Objects" registry:
Decimal Description References TBD signed-Tal [section 3.1]
IANA is to add an item for the Signed TAL file extension to the "RPKI Repository Name Scheme" created by [RFC6481] as follows:
Extension RPKI Object Reference ------------------------------------------------------- .tal Signed TAL [this document]
TBD
TBD
[RFC5011] | StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust Anchors", STD 74, RFC 5011, DOI 10.17487/RFC5011, September 2007. |
[RFC6489] | Huston, G., Michaelson, G. and S. Kent, "Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)", BCP 174, RFC 6489, DOI 10.17487/RFC6489, February 2012. |