Adverse Actions by a Certification Authority (CA) or Repository Manager in the Resource Public Key Infrastructure (RPKI)
RFC 8211
Internet Engineering Task Force (IETF)
Request for Comments: 8211
Category: Informational
ISSN: 2070-1721
S. Kent, BBN Technologies
D. Ma, ZDNS
September 2017
Adverse Actions by a Certification Authority (CA) or Repository Manager
in the Resource Public Key Infrastructure (RPKI)
Abstract
This document analyzes actions by or against a Certification
Authority (CA) or an independent repository manager in the RPKI that
can adversely affect the Internet Number Resources (INRs) associated
with that CA or its subordinate CAs. The analysis is done from the
perspective of an affected INR holder. The analysis is based on
examination of the data items in the RPKI repository, as controlled
by a CA (or an independent repository manager) and fetched by Relying
Parties (RPs). The analysis does not purport to be comprehensive; it
does represent an orderly way to analyze a number of ways that errors
by or attacks against a CA or repository manager can affect the RPKI
and routing decisions based on RPKI data.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It has been approved for publication by the Internet
Engineering Steering Group (IESG). Not all documents approved by the
IESG are a candidate for any level of Internet Standard; see
Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8211.
Kent & Ma Informational [Page 1]
RFC 8211 RPKI Adverse CA Actions September 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Analysis of RPKI Repository Objects . . . . . . . . . . . . . 4
2.1. CA Certificates . . . . . . . . . . . . . . . . . . . . . 6
2.2. Manifest . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3. Certificate Revocation List . . . . . . . . . . . . . . . 12
2.4. ROA . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.5. Ghostbusters Record . . . . . . . . . . . . . . . . . . . 17
2.6. Router Certificates . . . . . . . . . . . . . . . . . . . 18
3. Analysis of Actions Relative to Scenarios . . . . . . . . . . 19
3.1. Scenario A . . . . . . . . . . . . . . . . . . . . . . . 21
3.2. Scenario B . . . . . . . . . . . . . . . . . . . . . . . 21
3.3. Scenario C . . . . . . . . . . . . . . . . . . . . . . . 21
3.4. Scenario D . . . . . . . . . . . . . . . . . . . . . . . 22
4. Security Considerations . . . . . . . . . . . . . . . . . . . 22
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 23
6.1. Normative References . . . . . . . . . . . . . . . . . . 23
6.2. Informative References . . . . . . . . . . . . . . . . . 25
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction
In the context of this document, any change to the Resource Public
Key Infrastructure (RPKI) [RFC6480] that diminishes the set of
Internet Number Resources (INRs) associated with an INR holder, and
that is contrary to the holder's wishes, is termed "adverse". This
analysis is done from the perspective of an affected INR holder. An
action that results in an adverse change (as defined above) may be
the result of an attack on a CA [RFC7132], an error by a CA, or an
error by or an attack on a repository operator. Note that the CA
that allocated the affected INRs may be acting in accordance with