| rfc9255v2.txt | rfc9255.txt |
|---|---|
| Internet Engineering Task Force (IETF) R. Bush | Internet Engineering Task Force (IETF) R. Bush |
| Request for Comments: 9255 Arrcus & IIJ | Request for Comments: 9255 Arrcus & IIJ Research |
| Category: Standards Track R. Housley | Category: Standards Track R. Housley |
| ISSN: 2070-1721 Vigil Security | ISSN: 2070-1721 Vigil Security |
| June 2022 | June 2022 |
| The 'I' in RPKI Does Not Stand for Identity | The 'I' in RPKI Does Not Stand for Identity |
| Abstract | Abstract |
| There is a false notion that Internet Number Resources (INRs) in the | There is a false notion that Internet Number Resources (INRs) in the |
| RPKI can be associated with the real-world identity of the 'holder' | RPKI can be associated with the real-world identity of the 'holder' |
| skipping to change at line 166 | skipping to change at line 166 |
| authentication one hopes), a hardware token, client browser | authentication one hopes), a hardware token, client browser |
| certificates, etc. | certificates, etc. |
| Hence schemes such as Resource Tagged Attestations [RPKI-RTA] and | Hence schemes such as Resource Tagged Attestations [RPKI-RTA] and |
| Signed Checklists [RPKI-RSC] must go to great lengths to extract the | Signed Checklists [RPKI-RSC] must go to great lengths to extract the |
| supposedly relevant keys from the CA. | supposedly relevant keys from the CA. |
| For some particular INR, say, Bill's Bait and Sushi's Autonomous | For some particular INR, say, Bill's Bait and Sushi's Autonomous |
| System (AS) number, someone out on the net probably has the | System (AS) number, someone out on the net probably has the |
| credentials to the CA account in which BB&S's INRs are registered. | credentials to the CA account in which BB&S's INRs are registered. |
| That could be the owner of BB&S, Roberto's Taco Stand (in San Diego), | That could be the owner of BB&S, Randy's Taco Stand, an IT vendor, or |
| an IT vendor, or the Government of Elbonia. One simply can not know. | the Government of Elbonia. One simply can not know. |
| In large organizations, INR management is often compartmentalized | In large organizations, INR management is often compartmentalized |
| with no authority over anything beyond dealing with INR registration. | with no authority over anything beyond dealing with INR registration. |
| The INR manager for Bill's Bait and Sushi is unlikely to be | The INR manager for Bill's Bait and Sushi is unlikely to be |
| authorized to conduct bank transactions for BB&S, or even to | authorized to conduct bank transactions for BB&S, or even to |
| authorize access to BB&S's servers in some colocation facility. | authorize access to BB&S's servers in some colocation facility. |
| Then there is the temporal issue. The holder of that AS may be BB&S | Then there is the temporal issue. The holder of that AS may be BB&S |
| today when some document was signed, and could be the Government of | today when some document was signed, and could be the Government of |
| Elbonia tomorrow. Or the resource could have been administratively | Elbonia tomorrow. Or the resource could have been administratively |
| skipping to change at line 301 | skipping to change at line 301 |
| Acknowledgments | Acknowledgments |
| The authors thank George Michaelson and Job Snijders for lively | The authors thank George Michaelson and Job Snijders for lively |
| discussion, Geoff Huston for some more formal text, Ties de Kock for | discussion, Geoff Huston for some more formal text, Ties de Kock for |
| useful suggestions, many directorate and IESG reviewers, and last but | useful suggestions, many directorate and IESG reviewers, and last but |
| not least, Biff for the loan of Bill's Bait and Sushi. | not least, Biff for the loan of Bill's Bait and Sushi. |
| Authors' Addresses | Authors' Addresses |
| Randy Bush | Randy Bush |
| Arrcus & Internet Initiative Japan | Arrcus & Internet Initiative Japan Research |
| 5147 Crystal Springs | 5147 Crystal Springs |
| Bainbridge Island, WA 98110 | Bainbridge Island, WA 98110 |
| United States of America | United States of America |
| Email: randy@psg.com | Email: randy@psg.com |
| Russ Housley | Russ Housley |
| Vigil Security, LLC | Vigil Security, LLC |
| 516 Dranesville Road | 516 Dranesville Road |
| Herndon, VA 20170 | Herndon, VA 20170 |
| United States of America | United States of America |

End of changes. 3 change blocks; 4 lines changed or deleted, 4 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/