Network Working Group                                      T. Manderson
Internet-Draft                                                    ICANN
Intended status: Standards Track                           R. L. Barnes
Expires: August 12, 2011                                     M. Lepinski
                                                                     BBN
                                                       February 08, 2011
Providing first class geographical location statements for RPKI objects
draft-manderson-sidr-geo-00.txt
This document describes the construction and use of the RPKI-GEO record. This record provides first class informational statements pertaining to the geographical attributes of the information described in RPKI objects.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 12, 2011.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
There is a constant and ongoing effort to investigate and analyse the global Internet routing system from many different perspectives. One such perspective concerns the geographical position of BGP [RFC4271] speakers and the terrestrial location of route propagation. The recording of such information by passive BGP listeners in MRT format is described in the MRT BGP routing information export format with geo-location extensions [I-D.ietf-grow-geomrt]. There are, of course, many other efforts external to the IETF; they are not described here, and further awareness of them is left to the reader.
This document describes the construction, use, and interpretation of the RPKI-GEO record. This record provides first class informational attestations about the geographical attributes of the information described in RPKI objects. The geographical data is informational in nature and provides a consistent and validatable way of asserting the location properties of any item described by an RPKI object. To maintain consistency, implementers and readers should consider the 9 rules in Section 3 of [RFC5491].
It is not intended that the RPKI object described herein be used to directly influence routing or forwarding decisions. Its creation by any certificate maintainer is to be interpreted as informational, and any relying party should use the information only for routing research or anomaly detection.
The geographic attestations made in this object are made by the certificate maintainer, and their validity and accuracy are in the hands of the certificate maintainer. It is left to the relying party to decide how much trust to place in the geographic data provided by the certificate maintainer.
The RPKI-GEO object pertains only to the objects at the same RPKI repository publication point where it itself is published.
This document assumes that the reader is familiar with the RPKI, the RPKI repository structure, and the various RPKI objects described in the following: [I-D.ietf-sidr-arch], [I-D.ietf-sidr-res-certs], [I-D.ietf-sidr-signed-object], [I-D.ietf-sidr-roa-format], [I-D.ietf-sidr-rpki-manifests], [I-D.ietf-sidr-ghostbusters].
The structure of the RPKI-GEO object follows the description and the generic RPKI validation described in the Signed Object Template for the Resource Public Key Infrastructure [I-D.ietf-sidr-signed-object].
The eContentType of the RPKI-GEO object in the encapContentInfo (signed content) section of the object is defined as rpkiGEO, with the numerical value TO BE ASSIGNED.
The content of an RPKI-GEO object identifies an RPKI object and the geographical coordinates associated with the item described by that RPKI object.
The ASN.1 for the RPKI-GEO object is as follows:
   RPKIGEO ::= SEQUENCE {
      version     [0] INTEGER DEFAULT 0,
      geoLocs     SEQUENCE (SIZE(1..MAX)) OF GeoObject }

   GeoObject ::= SEQUENCE {
      objectFile  FileAndHash,
      geoAttribs  SEQUENCE (SIZE(1..MAX)) OF GeoXML }

   FileAndHash ::= SEQUENCE {
      file        IA5String,
      hash        BIT STRING }

   GeoXML ::= SEQUENCE {
      type        INTEGER DEFAULT 0,
      xmlDoc      PrintableString }
      -- Caveat: the PrintableString character set does not include
      -- '<', '>' or '"', so an XML document cannot actually be carried
      -- in xmlDoc as written; UTF8String would be needed.
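As an added example (not code from the draft), the following minimal hand-written DER encoder shows the payload above byte by byte. It assumes explicit tagging for the [0] version component and writes xmlDoc as UTF8String (tag 0x0C) rather than PrintableString, because PrintableString cannot hold '<' or '>'; the caller supplies the hash bytes for each file.

```python
# Added example: DER encoding of the RPKI-GEO payload (not from the draft).
# Assumptions: explicit tagging for [0]; xmlDoc as UTF8String (tag 0x0C).
def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _integer(v):
    # Non-negative INTEGER in the minimal number of octets (leading 0x00
    # added when the top bit would otherwise read as a sign bit).
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def _sequence(*parts):
    return _tlv(0x30, b"".join(parts))

def encode_file_and_hash(file_name, digest):
    # file as IA5String; hash as BIT STRING with a 0x00 "unused bits" octet
    return _sequence(_tlv(0x16, file_name.encode("ascii")),
                     _tlv(0x03, b"\x00" + digest))

def encode_geo_xml(xml_type, xml_doc):
    # DER omits a component equal to its DEFAULT, so type 0 is not encoded
    type_part = b"" if xml_type == 0 else _integer(xml_type)
    return _sequence(type_part, _tlv(0x0C, xml_doc.encode("utf-8")))

def encode_geo_object(file_name, digest, geo_xmls):
    return _sequence(encode_file_and_hash(file_name, digest),
                     _sequence(*(encode_geo_xml(t, x) for t, x in geo_xmls)))

def encode_rpki_geo(geo_objects, version=0):
    """geo_objects: list of (file_name, digest_bytes, [(type, xmlDoc), ...])."""
    # version 0 is the DEFAULT and is therefore omitted; other values are
    # wrapped in the explicit [0] tag (0xA0).
    version_part = b"" if version == 0 else _tlv(0xA0, _integer(version))
    return _sequence(version_part,
                     _sequence(*(encode_geo_object(*g) for g in geo_objects)))

# Constructed sample: one ROA entry with a placeholder hash and a tiny XML doc.
SAMPLE_DER = encode_rpki_geo([("x.roa", b"\x01\x02", [(0, "<a/>")])])
```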
The version number of this version of the RPKI-GEO object MUST be 0.
This field (geoLocs) is a sequence of geoObjects. Each geoObject contains one FileAndHash element and a sequence of geoXML elements. For each FileAndHash element, the geoObject MUST contain at least one geoXML element of type 0.
The single FileAndHash entry in each geoObject corresponds to one currently valid signed object that has been published by the authority at this publication point. The description is as in [I-D.ietf-sidr-rpki-manifests]: each FileAndHash is an ordered pair consisting of the name of the file in the repository publication point that contains the object in question and a hash of the file's contents.
FileAndHash entries for the publication point's manifest and for the RPKI-GEO object itself MUST NOT appear in an RPKI-GEO object.
The geoXML element contains the geographical location information in an XML representation selected by the geoXML type value. The type specifies the XML schema used in the xmlDoc portion. There are two valid types:

   Type 0: A GML syntax
   Type 1: A Civic Address syntax
Type 0 is a constrained GML syntax [GML]. The constraints on the syntax are as follows.
Coordinate datum selection: the coordinates used in the GML use the WGS84 datum [WGS84]. Specifying any other datum in the GML of this object is illegal. This constraint exists for compatibility and uniformity.
The XML contained in the xmlDoc field of a geoXML element with type = 0 MUST contain exactly one GML geometry, either a point or a polygon representation.
   <gml:Point xmlns:gml="http://www.opengis.net/gml"
              srsName="urn:ogc:def:crs:EPSG::4326">
      <gml:pos>-43.5723 153.21760</gml:pos>
   </gml:Point>
A Type 1 xmlDoc contains a civic address representation of the location information, as defined in [RFC5139].
   <civicAddress xml:lang="en-AU"
       xmlns="urn:ietf:params:xml:ns:pidf:geopriv10:civicAddr">
      <country>AU</country>
      <A1>NSW</A1>
      <A3>Wollongong</A3>
      <A4>North Wollongong</A4>
      <RD>Flinders</RD><STS>Street</STS>
      <RDBR>Campbell Street</RDBR>
      <LMK>Gilligan's Island</LMK>
      <LOC>Corner</LOC>
      <NAM>Video Rental Store</NAM>
      <PC>2500</PC>
      <ROOM>Westerns and Classics</ROOM>
      <PLC>store</PLC>
      <POBOX>Private Box 15</POBOX>
   </civicAddress>
After the generic signed-object validation [I-D.ietf-sidr-signed-object] has been performed, the version number field within the payload is checked, and the payload data is checked against the profile defined in this document. All of these checks MUST pass for the RPKI-GEO payload to be considered valid and made available for use.
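The profile checks described above, as an added relying-party example that is not part of the draft. The payload is modelled as plain dicts mirroring the ASN.1 field names (version, geoLocs, objectFile, geoAttribs, type, xmlDoc); DER decoding and the generic signed-object validation are assumed to have already happened, the file hash is assumed to be SHA-256 as for manifests, and the manifest file extension is assumed to be .mft.

```python
# Added example: RPKI-GEO profile validation (not code from the draft).
import hashlib
import xml.etree.ElementTree as ET
GML = "{http://www.opengis.net/gml}"        # GML namespace (assumed, as used by RFC 5491)
WGS84_SRS = "urn:ogc:def:crs:EPSG::4326"    # the only datum the draft permits

def check_gml(xml_doc):
    """Type 0 xmlDoc: exactly one gml:Point or gml:Polygon, and it must be WGS84."""
    try:
        root = ET.fromstring(xml_doc)
    except ET.ParseError as err:
        return [f"type 0 xmlDoc is not well-formed XML: {err}"]
    shapes = [e for e in root.iter() if e.tag in (GML + "Point", GML + "Polygon")]
    if len(shapes) != 1:
        return [f"type 0 xmlDoc must hold exactly one gml:Point or gml:Polygon, found {len(shapes)}"]
    if shapes[0].get("srsName") != WGS84_SRS:
        return ["type 0 xmlDoc uses a datum other than WGS84 (EPSG::4326)"]
    return []

def check_rpki_geo(payload, repo_files):
    """Profile checks on a decoded payload (repo_files: file name -> bytes); [] means valid."""
    errors = []
    if payload.get("version", 0) != 0:
        errors.append("version MUST be 0")
    geo_locs = payload.get("geoLocs", [])
    if not geo_locs:
        errors.append("geoLocs MUST contain at least one geoObject")
    for obj in geo_locs:
        name, digest = obj["objectFile"]["file"], obj["objectFile"]["hash"]
        if name.endswith((".mft", ".geo")):   # the manifest and the RPKI-GEO object itself
            errors.append(f"{name}: manifest and RPKI-GEO entries MUST NOT appear")
        data = repo_files.get(name, b"")      # a missing file also fails the hash check
        if hashlib.sha256(data).digest() != digest:   # SHA-256 assumed, as for manifests
            errors.append(f"{name}: not published here or hash mismatch")
        attribs = obj.get("geoAttribs", [])
        if not any(a["type"] == 0 for a in attribs):
            errors.append(f"{name}: at least one type 0 (GML) geoXML is required")
        for a in attribs:
            if a["type"] not in (0, 1):
                errors.append(f"{name}: unknown geoXML type {a['type']}")
            elif a["type"] == 0:
                errors.extend(f"{name}: {e}" for e in check_gml(a["xmlDoc"]))
    return errors

ROA_BYTES = b"constructed ROA bytes"  # constructed sample, not a real signed object
POINT = ('<gml:Point xmlns:gml="http://www.opengis.net/gml" srsName="urn:ogc:def:crs:EPSG::4326">'
         '<gml:pos>-43.5723 153.21760</gml:pos></gml:Point>')   # the draft's point example
SAMPLE = {"version": 0, "geoLocs": [{"geoAttribs": [{"type": 0, "xmlDoc": POINT}],
          "objectFile": {"file": "example.roa", "hash": hashlib.sha256(ROA_BYTES).digest()}}]}
```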
A common-sense interpretation of the location data should prevail, based on the type of data represented in the RPKI object. For example, an RPKI-GEO object that provides location information for a ROA attests to the geographical location from which the route is originated; that may be the originating BGP speaker(s), as described in [I-D.ietf-grow-geomrt]. Similarly, the location information associated with a Ghostbusters record [I-D.ietf-sidr-ghostbusters] describes the geographical location of the entity described in the Ghostbusters vCard.
This document requests that IANA add the .geo extension to the RPKI file extension namespace.
The RPKI object described here is descriptive in nature and provides information that is useful in the analysis of routing systems. As such, the authors believe that it does not constitute an additional security risk. It is recommended that issuers of RPKI-GEO objects consider their own privacy concerns before supplying geographical coordinates in the RPKI.
   [WGS84]    Geodesy and Geophysics Department, DoD, "World Geodetic
              System 1984", January 2000.

   [GML]      Open Geospatial Consortium (OGC), "OpenGIS Geography Markup
              Language (GML) Encoding Standard", December 2010.