RIPE NCC's Implementation of Resource Public Key Infrastructure (RPKI) Certificate Tree Validation
draft-ietf-sidrops-rpki-tree-validation-03

[Ballot comment]
This document is Informational, so I will make my comments non-blocking,
but I think that the security considerations could be improved.  It
currently does a good job talking about cases where the procedure can
receive inconsistent inputs (and how it behaves in the face of those
inputs), as well as some other considerations, and this is great!  I think
that the discussion could be more powerful if it also considered how those
inconsistent inputs could be produced, in particular which capabilities an
attacker could have.  There seem to be roughly three classes of actors for
active attacks -- an attacker in the network could modify the transferred
content (including number of files and directory layout) over unecrypteed
rsync or http, an attacker that compromises the webserver's certificate
(or obtains a fraudulent one) could do the same over encrypted https, and
an attacker that compromises the TA signing key could produce
fake-but-"valid" manifests, CRLs, etc..  (Is there more that could be done
with a compromised non-TA CA?  The potential hazards to this algorithm
don't seem to be noticably distinct, though.)  Some consumers may be
willing to trust in the TA's integrity or even the Web PKI and not worry
about those risks.  Though there is always risk of accidental error, of
course, and the current coverage in this document seems adequate for that
risk.

Some additional section-by-section comments follow.

Section 3.1

The key properties needed of cryptographic hash functions are either
"collision resistance" or "second preimage resistance", depending on
whether the attacker gets to pick both hash inputs (the first case) or only
one of them (the second).  Which one is needed here would probably depend
on whether the CA/issuer is trusted to not be an attacker or not, but
regardless, please use the more detailed terminology.

Section 3.2

  [...], or use all objects whose AKI extension
  matches the Subject Key Identifier (SKI) extension (Section 4.2.1 of
  [RFC5280]) of a CA certificate.

"all objects" as discovered within what scope?

Section 4.2

Please expand SIA on first usage.

In bullet point 1, it might help the uninitiated reader to say something
after "and pass it to the object fetcher" to note that "the fetcher will
then fetch all objects available from that repository".

In bullet point 3, please be more clear about which manifest is "this
manifest object" that is used to continue validation processing.

  4.  Perform manifest entries discovery and validation as described in
      Section 4.2.2.

nit: "manifest entry discovery" (singular "entry")

      (Note that this implementation uses the operator configuration to
      decide which algorithm to use for path validation.  It applies
      selected algorithm to all resource certificates, rather than

nit: "the selected algorithm"

Please expand ROA on first usage.

Section 5.1.1, 5.1.2

The syntactic verification performed here is done on what should be
considered "untrusted input", which means that the verification code needs
to be written in a robust manner.  (Given the historical recurrences of,
e.g., ASN.1 decoder security vulnerabilities, we probably need to
explicitly state this in the security considerations.)


Section 9.1

If I understand correctly, RFC 6485 allows for (and predicts the need for)
hash agility in the file hash algorithm.  In this case, it would probably
be appropriate to say something about how "the security of the system as a
whole is limited to that of the weakest hash function allowed by consumers,
but the hash agility provided for by RFC 6485 allows new (stronger) hashes
to be introduced and old hash functions phased out before they are
critically broken".

Section 9.2

  In case of a mismatch described above this implementation will not
  exclude an object from further validation merely because it's actual

nit: "its" (no apostrophe)

Section 9.3

nit: Which behavior is allowed-but-not-required -- a CA signing things not
listed in the manifest, or an RP ignoring things not listed in the
manifest?  I suggest "This RP behavior is allowed [...]".

Section 9.4

This kind of behavior would be seen as an unacceptable vulnerability in a
standards-track protocol, though since this document is only informational
it does not block publication.

Section 9.5

It might be useful to reference Section 5.1.1 and how we sometimes fetch
the entire repository contents, not limited by a manifest listing.

[Ballot comment]
I am happy that this document exists.  Documenting how the RIPE validator works is important and valuable.  I think that the content (maybe after getting feedback from the WG) would have been more appropriate as an Independent Submission...or even as simply documentation in the RIPE site.

There is one point that bothers me -- as part of the answer to 'why are we publishing this document?' (paraphrasing from the GenArt review), one of the authors mentioned that "the implementation will change (in fact v3 is just (about to be) released), and then the RFC is outdated." [1]  There is documentation about the rpki-validator-3 in the github repository [2] already -- I haven't taken the time to examine the differences, but the point about the short term value of this document makes me think about the value of publishing it as an RFC at all.

I have also noticed the comments from the WG about the value of this document to implementors, both experienced and new.  I am then balloting 'No Objection'.

[1] https://mailarchive.ietf.org/arch/msg/ietf/pJzebXqz1mtdGAsFi2V3e-G_SYI
[2] https://github.com/RIPE-NCC/rpki-validator-3/wiki

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has reviewed draft-ietf-sidrops-rpki-tree-validation-02, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2018-08-10):

From: The IESG
To: IETF-Announce
CC: morrowc@ops-netman.net, sidrops@ietf.org, sidrops-chairs@ietf.org, Chris Morrow , warren@kumari.net, draft-ietf-sidrops-rpki-tree-validation@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (RPKI Certificate Tree Validation by the RIPE NCC RPKI Validator) to Informational RFC


The IESG has received a request from the SIDR Operations WG (sidrops) to
consider the following document: - 'RPKI Certificate Tree Validation by the
RIPE NCC RPKI Validator'
  as Informational RFC

An "Informational" specification is published for the general information of
the Internet community, and does not represent an Internet community
consensus or recommendation. The Informational designation is
intended to provide for the timely publication of a very broad
range of responsible informational documents from many
sources, subject only to editorial considerations and to
verification that there has been adequate coordination
with the standards process (see section 4.2.3).


The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2018-08-10. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  This document describes the approach to validate the content of the
  RPKI certificate tree, as it is implemented in the RIPE NCC RPKI
  Validator.  This approach is independent of a particular object
  retrieval mechanism.  This allows it to be used with repositories
  available over the rsync protocol, the RPKI Repository Delta
  Protocol, and repositories that use a mix of both.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-tree-validation/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-tree-validation/ballot/


No IPR declarations have been submitted directly on this I-D.

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

Informational

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

This document describes the approach to validate the content of the
  RPKI certificate tree, as it is implemented in the RIPE NCC RPKI
  Validator.  This approach is independent of a particular object
  retrieval mechanism.  This allows it to be used with repositories
  available over the rsync protocol, the RPKI Repository Delta
  Protocol, and repositories that use a mix of both.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

no particularly difficult notes from the WG, this document describes the operations of a particular piece of infrastructure, it's not changing live things.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

this document describes a running system... it's clear and concise.

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

Shepherd: morrowc@ops-netman.net
AD: Warren Kumari - warren@kumari.net

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

Shepherd has read this document, comments on the document and fixes which came from the comments, the document seems to be in good shape at this point.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

no concerns

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

not required.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

no concerns

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

yes, no ipr concerns

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

no

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

solid enough for sidr/sidrops.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

no

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

there are 3 references which will be updated before publication

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

no review required.

(13) Have all references within this document been identified as
either normative or informative?

yes

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

no

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

none.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

nope

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

review/reading made, no issues.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

none.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

none

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

Informational

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

This document describes the approach to validate the content of the
  RPKI certificate tree, as it is implemented in the RIPE NCC RPKI
  Validator.  This approach is independent of a particular object
  retrieval mechanism.  This allows it to be used with repositories
  available over the rsync protocol, the RPKI Repository Delta
  Protocol, and repositories that use a mix of both.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

no particularly difficult notes from the WG, this document describes the operations of a particular piece of infrastructure, it's not changing live things.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

this document describes a running system... it's clear and concise.

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

Shepherd: morrowc@ops-netman.net
AD: Warren Kumari - warren@kumari.net

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

Shepherd has read this document, comments on the document and fixes which came from the comments,

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

no concerns

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

not required.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

no concerns

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

yes, no ipr concerns

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

no

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

solid enough for sidr/sidrops.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

no

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

there are 3 references which will be updated before publication

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

no review required.

(13) Have all references within this document been identified as
either normative or informative?

yes

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

no

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

none.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

nope

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

review/reading made, no issues.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

none.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

none