rfc9323.original.xml   rfc9323.xml 
<?xml version='1.0' encoding='utf-8'?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<?rfc sortrefs="yes"?> <!DOCTYPE rfc [
<?rfc subcompact="no"?> <!ENTITY nbsp "&#160;">
<?rfc symrefs="yes"?> <!ENTITY zwsp "&#8203;">
<?rfc toc="yes"?> <!ENTITY nbhy "&#8209;">
<?rfc tocdepth="3"?> <!ENTITY wj "&#8288;">
<?rfc compact="yes"?> ]>
<?rfc subcompact="no"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" docName="draft-ie <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" consensus=
tf-sidrops-rpki-rsc-11" ipr="trust200902" xml:lang="en" sortRefs="true" submissi "true" category="std" docName="draft-ietf-sidrops-rpki-rsc-11" number="9323" ipr
onType="IETF" consensus="true" version="3"> ="trust200902" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" to
cDepth="3" updates="" obsoletes="" version="3">
<front> <front>
<title abbrev="RPKI Signed Checklists">
A profile for Resource Public Key Infrastructure (RPKI) Signed Checklists <title abbrev="RPKI Signed Checklists (RSCs)">
(RSC) A Profile for RPKI Signed Checklists (RSCs)
</title> </title>
<seriesInfo name="Internet-Draft" value="draft-ietf-sidrops-rpki-rsc-09"/> <seriesInfo name="RFC" value="9323"/>
<author fullname="Job Snijders" initials="J." surname="Snijders"> <author fullname="Job Snijders" initials="J." surname="Snijders">
<organization>Fastly</organization> <organization>Fastly</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<code/> <code/>
<city>Amsterdam</city> <city>Amsterdam</city>
<country>Netherlands</country> <country>Netherlands</country>
</postal> </postal>
<email>job@fastly.com</email> <email>job@fastly.com</email>
skipping to change at line 54 skipping to change at line 56
<address> <address>
<postal> <postal>
<street/> <street/>
<city>Cape Town</city> <city>Cape Town</city>
<code/> <code/>
<country>South Africa</country> <country>South Africa</country>
</postal> </postal>
<email>benm@workonline.africa</email> <email>benm@workonline.africa</email>
</address> </address>
</author> </author>
<date year="2022" month="November" />
<area>ops</area>
<workgroup>sidrops</workgroup>
<keyword>security</keyword>
<keyword>cryptography</keyword>
<keyword>X.509</keyword>
<abstract> <abstract>
<t> <t>
This document defines a Cryptographic Message Syntax (CMS) protected co This document defines a Cryptographic Message Syntax (CMS) protected co
ntent type for use with the Resource Public Key Infrastructure (RPKI) to carry a ntent type for use with the Resource Public Key Infrastructure (RPKI) to carry a
general purpose listing of checksums (a 'checklist'). general-purpose listing of checksums (a 'checklist').
The objective is to allow an attestation, termed an RPKI Signed Checkli The objective is to allow for the creation of an attestation, termed an
st (RSC), which contains one or more checksums of arbitrary digital objects (fil "RPKI Signed Checklist (RSC)", which contains one or more checksums of arbitrar
es) that are signed "with resources", and which, when validated, confirms that t y digital objects (files) that are signed with a specific set of Internet Number
he respective Internet Resource Holder produced the RSC. Resources. When validated, an RSC confirms that the respective Internet resourc
e holder produced the RSC.
</t> </t>
</abstract> </abstract>
<note>
<name>Requirements Language</name>
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> wh
en, and only when, they appear in all
capitals, as shown here.
</t>
</note>
</front> </front>
<middle> <middle>
<section anchor="intro"> <section anchor="intro">
<name>Introduction</name> <name>Introduction</name>
<t> <t>
This document defines a Cryptographic Message Syntax (CMS) <xref target= This document defines a Cryptographic Message Syntax (CMS) <xref target=
"RFC5652"/> <xref target="RFC6268"/> protected content type for a general purpos "RFC5652"/> <xref target="RFC6268"/> protected content type for a general-purpos
e listing of checksums (a 'checklist'), for use with the Resource Public Key Inf e listing of checksums (a 'checklist'), for use with the Resource Public Key Inf
rastructure (RPKI) <xref target="RFC6480"/>. rastructure (RPKI) <xref target="RFC6480"/>.
The protected CMS content type is intended to provide for the creation a The CMS protected content type is intended to provide for the creation a
nd validation of an RPKI Signed Checklist (RSC): a checksum listing signed with nd validation of an RPKI Signed Checklist (RSC), a checksum listing signed with
a specific set of Internet Number Resources. a specific set of Internet Number Resources.
The objective is to allow an attestation that, when validated, provides The objective is to allow for the creation of an attestation that, when
a means to confirm a given Internet Resource Holder produced the RPKI Signed Che validated, provides a means to confirm a given Internet resource holder produced
cklist (RSC). the RSC.
</t> </t>
<t> <t>
Signed Checklists are expected to facilitate inter-domain business use-c RPKI Signed Checklists are expected to facilitate inter-domain business
ases which depend on an ability to verify resource holdership. use cases that depend on an ability to verify resource holdership.
RPKI-based validation processes are expected to become the industry norm RPKI-based validation processes are expected to become the industry norm
for automated Bring Your Own IP (BYOIP) on-boarding or establishment of physica for automated Bring Your Own IP (BYOIP) on-boarding or establishment of physica
l interconnection between Autonomous Systems. l interconnections between Autonomous Systems (ASes).
</t> </t>
<t> <t>
The RSC concept borrows heavily from <xref target="I-D.ietf-sidrops-rpki The RSC concept borrows heavily from Resource Tagged Attestation (RTA) <
-rta">RTA</xref>, Manifests <xref target="RFC9286"/>, and OpenBSD's <xref target xref target="I-D.ietf-sidrops-rpki-rta"/>, Manifests <xref target="RFC9286"/>, a
="signify"/> utility. nd OpenBSD's signify utility <xref target="signify"/>.
The main difference between RSC and RTA is that the RTA profile allows m The main difference between an RSC and RTA is that the RTA profile allow
ultiple signers to attest a single digital object through a checksum of its cont s multiple signers to attest a single digital object through a checksum of its c
ent, while the RSC profile allows a single signer to attest the content of multi ontent, while the RSC profile allows a single signer to attest the content of mu
ple digital objects. ltiple digital objects.
A single signer profile is considered a simplification for both implemen ters and operators. A single signer profile is considered a simplification for both implemen ters and operators.
</t> </t>
<section anchor="requirements">
<name>Requirements Language</name>
<t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are
to be interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/>
<xref target="RFC8174"/> when, and only when, they appear in all capitals,
as shown here.
</t>
</section>
</section> </section>
<section anchor="profile"> <section anchor="profile">
<name>RSC Profile and Distribution</name> <name>RSC Profile and Distribution</name>
<t> <t>
RSC follows the Signed Object Template for the RPKI <xref target="RFC648 8"/> with one exception: because RSCs MUST NOT be distributed through the global RPKI Repository system, the Subject Information Access (SIA) extension MUST be omitted from the RSC's X.509 End-Entity (EE) certificate. RSC follows the Signed Object Template for the RPKI <xref target="RFC648 8"/> with one exception: because RSCs <bcp14>MUST NOT</bcp14> be distributed thr ough the global RPKI repository system, the Subject Information Access (SIA) ext ension <bcp14>MUST</bcp14> be omitted from the RSC's X.509 End-Entity (EE) certi ficate.
</t> </t>
<t> <t>
What constitutes suitable transport for RSC files is deliberately unspec ified. What constitutes suitable transport for RSC files is deliberately unspec ified.
For example, it might be a USB stick, a web interface secured with HTTPS , a PGP-signed email, a T-shirt printed with a QR code, or a carrier pigeon. For example, it might be a USB stick, a web interface secured with HTTPS , an email signed with Pretty Good Privacy (PGP), a T-shirt printed with a QR co de, or a carrier pigeon.
</t> </t>
<section title="RSC End-Entity Certificates"> <section title="RSC EE Certificates">
<t> <t>
The Certification Authority (CA) MUST only sign one RSC with each End- The Certification Authority (CA) <bcp14>MUST</bcp14> only sign one RSC
Entity (EE) Certificate, and MUST generate a new key pair for each new RSC. with each EE certificate and <bcp14>MUST</bcp14> generate a new key pair for ea
This form of use of the associated EE Certificate is termed a "one-tim ch new RSC.
e-use" EE certificate <xref target="RFC6487" section="3"/>. This type of EE certificate is termed a "one-time-use" EE certificate
(see <xref target="RFC6487" section="3"/>).
</t> </t>
</section> </section>
</section> </section>
<section anchor="content"> <section anchor="content">
<name>The RSC ContentType</name> <name>The RSC eContentType</name>
<t> <t>
The ContentType for an RSC is defined as rpkiSignedChecklist, with Objec t Identifier (OID) 1.2.840.113549.1.9.16.1.48. The eContentType for an RSC is defined as id-ct-signedChecklist, with Ob ject Identifier (OID) 1.2.840.113549.1.9.16.1.48.
</t> </t>
<t> <t>
This OID MUST appear both within the eContentType in the encapContentInf o object as well as the ContentType signed attribute in the signerInfo object (s ee <xref target="RFC6488"/>). This OID <bcp14>MUST</bcp14> appear within both the eContentType in the encapContentInfo object and the ContentType signed attribute in the signerInfo o bject (see <xref target="RFC6488"/>).
</t> </t>
</section> </section>
<section anchor="econtent"> <section anchor="econtent">
<name>The RSC eContent</name> <name>The RSC eContent</name>
<t> <t>
The content of an RSC indicates that a checklist for arbitrary digital o The content of an RSC indicates that a checklist for arbitrary digital o
bjects has been signed "with resources". bjects has been signed with a specific set of Internet Number Resources.
An RSC is formally defined as: An RSC is formally defined as follows:
</t> </t>
<sourcecode type="asn.1" originalSrc="RpkiSignedChecklist-2022.asn">RpkiSi gnedChecklist-2022 <sourcecode type="asn.1">RpkiSignedChecklist-2022
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs9(9) smime(16) mod(0) pkcs(1) pkcs9(9) smime(16) mod(0)
id-mod-rpkiSignedChecklist-2022(73) } id-mod-rpkiSignedChecklist-2022(73) }
DEFINITIONS EXPLICIT TAGS ::= DEFINITIONS EXPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
CONTENT-TYPE, Digest, DigestAlgorithmIdentifier CONTENT-TYPE, Digest, DigestAlgorithmIdentifier
FROM CryptographicMessageSyntax-2010 -- in [RFC6268] FROM CryptographicMessageSyntax-2010 -- in [RFC6268]
skipping to change at line 181 skipping to change at line 197
ConstrainedIPAddressFamily ::= SEQUENCE { ConstrainedIPAddressFamily ::= SEQUENCE {
addressFamily OCTET STRING (SIZE(2)), addressFamily OCTET STRING (SIZE(2)),
addressesOrRanges SEQUENCE (SIZE(1..MAX)) OF IPAddressOrRange } addressesOrRanges SEQUENCE (SIZE(1..MAX)) OF IPAddressOrRange }
ConstrainedASIdentifiers ::= SEQUENCE { ConstrainedASIdentifiers ::= SEQUENCE {
asnum [0] SEQUENCE (SIZE(1..MAX)) OF ASIdOrRange } asnum [0] SEQUENCE (SIZE(1..MAX)) OF ASIdOrRange }
END END
</sourcecode> </sourcecode>
<section> <section>
<name>version</name> <name>Version</name>
<t> <t>
The version number of the RpkiSignedChecklist MUST be 0. The version number of the RpkiSignedChecklist <bcp14>MUST</bcp14> be 0 .
</t> </t>
</section> </section>
<section> <section>
<name>resources</name> <name>Resources</name>
<t> <t>
The resources contained here are the resources used to mark the attest ation, and MUST be a subset of the set of resources listed by the EE Certificate carried in the CMS certificates field. The resources contained here are the resources used to mark the attest ation and <bcp14>MUST</bcp14> be a subset of the set of resources listed by the EE certificate carried in the CMS certificates field.
</t> </t>
<t> <t>
If the asID field is present, it MUST contain an instance of Constrain edASIdentifiers. If the asID field is present, it <bcp14>MUST</bcp14> contain an instan ce of ConstrainedASIdentifiers.
</t> </t>
<t> <t>
If the ipAddrBlocks field is present, it MUST contain an instance of C onstrainedIPAddrBlocks. If the ipAddrBlocks field is present, it <bcp14>MUST</bcp14> contain a n instance of ConstrainedIPAddrBlocks.
</t> </t>
<t> <t>
At least one of asID or ipAddrBlocks MUST be present. At least one of asID or ipAddrBlocks <bcp14>MUST</bcp14> be present.
</t> </t>
<t> <t>
Each of ConstrainedASIdentifiers and ConstrainedIPAddrBlocks are speci fied such that the resulting DER-encoded data instances are binary compatible wi th, respectively, ASIdentifiers and IPAddrBlocks defined in <xref target="RFC377 9"/>. ConstrainedASIdentifiers and ConstrainedIPAddrBlocks are specified suc h that the resulting DER-encoded data instances are binary compatible with ASIde ntifiers and IPAddrBlocks (defined in <xref target="RFC3779"/>), respectively.
</t> </t>
<t> <t>
Implementations encountering decoding errors whilst attempting to read DER-encoded data using this specification should be aware of the possibility th at the data may have been encoded using an implementation intended for use with <xref target="RFC3779"/>. Such data may contain elements prohibited by the curre nt specification. Implementations encountering decoding errors whilst attempting to read DER-encoded data using this specification should be aware of the possibility th at the data may have been encoded using an implementation intended for use with <xref target="RFC3779"/>. Such data may contain elements prohibited by the curre nt specification.
</t> </t>
<t> <t>
Attempting to decode the errored data using the more permissive specif ication contained in <xref target="RFC3779"/> may enable implementors to gather additional context for use when reporting errors to the user. Attempting to decode the errored data using the more permissive specif ication contained in <xref target="RFC3779"/> may enable implementors to gather additional context for use when reporting errors to the user.
</t> </t>
<t> <t>
However, implementations MUST NOT ignore errors resulting from the mor e restrictive definitions contained herein: in particular, such errors MUST caus e the validation procedure described in <xref target="validation"/> to fail. However, implementations <bcp14>MUST NOT</bcp14> ignore errors resulti ng from the more restrictive definitions contained herein; in particular, such e rrors <bcp14>MUST</bcp14> cause the validation procedure described in <xref targ et="validation"/> to fail.
</t> </t>
<section> <section>
<name>ConstrainedASIdentifiers type</name> <name>ConstrainedASIdentifiers Type</name>
<t> <t>
ConstrainedASIdentifiers is a SEQUENCE, consisting of a single field "asnum", itself containing a SEQUENCE OF one or more ASIdOrRange instances as d efined in <xref target="RFC3779"/>. ConstrainedASIdentifiers is a SEQUENCE consisting of a single field, asnum, which in turn contains a SEQUENCE OF one or more ASIdOrRange instances a s defined in <xref target="RFC3779"/>.
</t> </t>
<t> <t>
ConstrainedASIdentifiers is defined such that the resulting DER-enco ded data are binary compatible with ASIdentifiers defined in <xref target="RFC37 79"/>. ConstrainedASIdentifiers is defined such that the resulting DER-enco ded data are binary compatible with ASIdentifiers defined in <xref target="RFC37 79"/>.
</t> </t>
</section> </section>
<section> <section>
<name>ConstrainedIPAddrBlocks type</name> <name>ConstrainedIPAddrBlocks Type</name>
<t> <t>
ConstrainedIPAddrBlocks is a SEQUENCE OF one or more instances of Co nstrainedIPAddressFamily. ConstrainedIPAddrBlocks is a SEQUENCE OF one or more instances of Co nstrainedIPAddressFamily.
</t> </t>
<t> <t>
There MUST be only one instance of ConstrainedIPAddressFamily per un ique AFI. There <bcp14>MUST</bcp14> be only one instance of ConstrainedIPAddre ssFamily per unique Address Family Identifier (AFI).
</t> </t>
<t> <t>
The elements of ConstrainedIPAddressFamily MUST be ordered by ascend The elements of ConstrainedIPAddressFamily <bcp14>MUST</bcp14> be or
ing addressFamily values (treating the octets as unsigned numbers). dered by ascending addressFamily values (treating the octets as unsigned numbers
Thus, when both IPv4 and IPv6 addresses are specified, the IPv4 addr ).
esses MUST precede the IPv6 addresses (since the IPv4 AFI of 0001 is less than t Thus, when both IPv4 and IPv6 addresses are specified, the IPv4 addr
he IPv6 AFI of 0002). esses <bcp14>MUST</bcp14> precede the IPv6 addresses (since the IPv4 AFI of 0001
is less than the IPv6 AFI of 0002).
</t> </t>
<t> <t>
ConstrainedIPAddrBlocks is defined such that the resulting DER-encod ed data are binary compatible with IPAddrBlocks defined in <xref target="RFC3779 "/>. ConstrainedIPAddrBlocks is defined such that the resulting DER-encod ed data are binary compatible with IPAddrBlocks defined in <xref target="RFC3779 "/>.
</t> </t>
<section> <section>
<name>ConstrainedIPAddressFamily type</name> <name>ConstrainedIPAddressFamily Type</name>
<section> <section>
<name>addressFamily field</name> <name>addressFamily Field</name>
<t> <t>
The addressFamily field is an OCTET STRING containing a two-octe The addressFamily field is an OCTET STRING containing a 2-octet
t Address Family Identifier (AFI), in network byte order. AFI, in network byte order.
Unlike <xref target="RFC3779">IPAddrBlocks</xref>, a third octet Unlike IPAddrBlocks <xref target="RFC3779"/>, a third octet cont
containing a Subsequent Address Family Identifier (SAFI) MUST NOT be present. aining a Subsequent Address Family Identifier (SAFI) <bcp14>MUST NOT</bcp14> be
AFIs are specified in the Address Family Numbers <xref target="I present.
ANA.ADDRESS-FAMILY-NUMBERS">registry</xref> maintained by IANA. AFIs are specified in the "Address Family Numbers" registry <xre
f target="IANA.ADDRESS-FAMILY-NUMBERS"></xref> maintained by IANA.
</t> </t>
</section> </section>
<section> <section>
<name>addressesOrRanges field</name> <name>addressesOrRanges Field</name>
<t> <t>
The addressesOrRanges element is a SEQUENCE OF one or more IPAdd ressOrRange values, as defined in <xref target="RFC3779"/>. The addressesOrRanges element is a SEQUENCE OF one or more IPAdd ressOrRange values, as defined in <xref target="RFC3779"/>.
The rules for canonicalization and encoding defined in <xref tar get="RFC3779" section="2.2.3.6"/> apply to the value of addressesOrRanges. The rules for canonicalization and encoding defined in <xref tar get="RFC3779" section="2.2.3.6"/> apply to the value of addressesOrRanges.
</t> </t>
</section> </section>
</section> </section>
</section> </section>
</section> </section>
<section> <section>
<name>digestAlgorithm</name> <name>digestAlgorithm</name>
<t> <t>
The digest algorithm used to create the message digest of the attested The digest algorithm is used to create the message digest of the attes
digital object(s). ted digital object(s).
This algorithm MUST be a hashing algorithm defined in <xref target="RF This algorithm <bcp14>MUST</bcp14> be a hashing algorithm defined in <
C7935"/>. xref target="RFC7935"/>.
</t> </t>
</section> </section>
<section> <section>
<name>checkList</name> <name>checkList</name>
<t> <t>
This field is a SEQUENCE OF one or more FileNameAndHash values. This field is a SEQUENCE OF one or more FileNameAndHash values.
There is one FileNameAndHash entry for each digital object referenced on the Signed Checklist. There is one FileNameAndHash entry for each digital object referenced on the RSC.
</t> </t>
<section anchor="FileNameAndHash"> <section anchor="FileNameAndHash">
<name>FileNameAndHash</name> <name>FileNameAndHash</name>
<t> <t>
Each FileNameAndHash is an ordered pair of the name of the directory entry containing the digital object, and the message digest of the digital obje ct. Each FileNameAndHash is an ordered pair of the name of the directory entry containing the digital object and the message digest of the digital objec t.
</t> </t>
<t> <t>
The hash field is mandatory. The hash field is mandatory.
The value of the hash field is the calculated message digest of the digital object. The value of the hash field is the calculated message digest of the digital object.
The hashing algorithm is specified in the digestAlgorithm field. The hashing algorithm is specified in the digestAlgorithm field.
</t> </t>
<t> <t>
The fileName field is OPTIONAL. The fileName field is <bcp14>OPTIONAL</bcp14>.
This is to allow Signed Checklists to be used in a "stand-alone" fas This is to allow RSCs to be used in a "stand-alone" fashion in which
hion in which nameless digital objects are addressed directly through their resp nameless digital objects are addressed directly through their respective messag
ective message digest rather than through a file system abstraction. e digest rather than through a file system abstraction.
</t> </t>
<t> <t>
If the fileName field is present then its value: If the fileName field is present, then its value:
</t> </t>
<ul> <ul>
<li> <li>
MUST contain only characters specified in the Portable Filename Ch aracter Set as defined in <xref target="POSIX"/>. <bcp14>MUST</bcp14> contain only characters specified in the Porta ble Filename Character Set as defined in <xref target="POSIX"/>.
</li> </li>
<li> <li>
MUST be unique with respect to the other FileNameAndHash elements of checkList for which the fileName field is also present. <bcp14>MUST</bcp14> be unique with respect to the other FileNameAn dHash elements of checkList for which the fileName field is also present.
</li> </li>
</ul> </ul>
<t> <t>
Conversely, if the fileName field is omitted, then the value of the hash field MUST be unique with respect to the other FileNameAndHash elements of checkList for which the fileName field is also omitted. Conversely, if the fileName field is omitted, then the value of the hash field <bcp14>MUST</bcp14> be unique with respect to the other FileNameAndHa sh elements of checkList for which the fileName field is also omitted.
</t> </t>
</section> </section>
</section> </section>
</section> </section>
<section anchor="validation"> <section anchor="validation">
<name>RSC Validation</name> <name>RSC Validation</name>
<t> <t>
Before a Relying Party can use an RSC to validate a set of digital objec Before a Relying Party (RP) can use an RSC to validate a set of digital
ts, the Relying Party MUST first validate the RSC. objects, the RP <bcp14>MUST</bcp14> first validate the RSC.
To validate an RSC, the Relying Party MUST perform all the validation ch To validate an RSC, the RP <bcp14>MUST</bcp14> perform all the validatio
ecks specified in <xref target="RFC6488"/> (except checking for the presence of n checks specified in <xref target="RFC6488"/>, except for checking for the pres
an SIA extension, which MUST NOT be present in the EE X.509 certificate <xref ta ence of an SIA extension, which <bcp14>MUST NOT</bcp14> be present in the EE cer
rget="RFC6487" section="4.8.8.2"/>), and perform the following additional RSC-sp tificate (see <xref target="profile"/>).
ecific validation steps: In addition, the RP <bcp14>MUST</bcp14> perform the following RSC-specif
ic validation steps:
</t> </t>
<ol> <ol>
<li> <li>
The contents of the CMS eContent field MUST conform to all of the cons traints described in <xref target="econtent"/> including the constraints describ ed in <xref target="FileNameAndHash"/>. The contents of the CMS eContent field <bcp14>MUST</bcp14> conform to all of the constraints described in <xref target="econtent"/>, including the con straints described in <xref target="FileNameAndHash"/>.
</li> </li>
<li> <li>
If the asID field is present within the contents of the 'resources' fi eld, then the AS Resources extension <xref target="RFC3779"/> MUST be present in the EE certificate contained in the CMS certificates field. The AS identifiers present in the eContent 'resources' field MUST be a subset of those present in t he certificate extension. The EE certificate's AS Resources extension MUST NOT c ontain "inherit" elements. If the asID field is present within the contents of the resources fiel d, then the AS identifier delegation extension <xref target="RFC3779"/> <bcp14>M UST</bcp14> be present in the EE certificate contained in the CMS certificates f ield. The AS identifiers present in the eContent resources field <bcp14>MUST</bc p14> be a subset of those present in the certificate extension. The EE certifica te's AS identifier delegation extension <bcp14>MUST NOT</bcp14> contain "inherit " elements.
</li> </li>
<li> <li>
If the ipAddrBlocks field is present within the contents of the 'resou rces' field, then the IP Resources extension <xref target="RFC3779"/> MUST be pr esent in the EE certificate contained in the CMS certificates field. The IP addr esses present in the eContent 'resources' field MUST be a subset of those presen t in the certificate extension. The EE certificate's IP Resources extension MUST NOT contain "inherit" elements. If the ipAddrBlocks field is present within the contents of the resour ces field, then the IP address delegation extension <xref target="RFC3779"/> <bc p14>MUST</bcp14> be present in the EE certificate contained in the CMS certifica tes field. The IP addresses present in the eContent resources field <bcp14>MUST< /bcp14> be a subset of those present in the certificate extension. The EE certif icate's IP address delegation extension <bcp14>MUST NOT</bcp14> contain "inherit " elements.
</li> </li>
</ol> </ol>
</section> </section>
<section> <section>
<name>Verifying files or data using RSC</name> <name>Verifying Files or Data Using RSC</name>
<t> <t>
To verify a set of digital objects with an RSC: To verify a set of digital objects with an RSC:
</t> </t>
<ul> <ul>
<li> <li>
The RSC MUST be validated according to the procedure described in <xre The RSC <bcp14>MUST</bcp14> be validated according to the procedure de
f target="validation"/>. scribed in <xref target="validation"/>.
If the RSC cannot be validated, verification MUST fail. If the RSC cannot be validated, verification <bcp14>MUST</bcp14> fail.
This error SHOULD be reported to the user. This error <bcp14>SHOULD</bcp14> be reported to the user.
</li> </li>
<li> <li>
<t>For every digital object to be verified:</t> <t>For every digital object to be verified:</t>
<ol> <ol>
<li anchor="mode"> <li anchor="mode">
<t> <t>
If the verification procedure is provided with a file name for t he object being verified (e.g. because the user has provided a file system path from which to read the object) then verification SHOULD proceed in "filename-awa re" mode. Otherwise, verification SHOULD proceed in "filename-unaware" mode. If the verification procedure is provided with a filename for th e object being verified (e.g., because the user has provided a file system path from which to read the object), then verification <bcp14>SHOULD</bcp14> proceed in "filename-aware" mode. Otherwise, verification <bcp14>SHOULD</bcp14> proceed in "filename-unaware" mode.
</t> </t>
<t> <t>
Implementations MAY provide an option to override the verificati on mode, for example to ignore the fact that the object is to be read from a fil e. Implementations <bcp14>MAY</bcp14> provide an option to override the verification mode, for example, to ignore the fact that the object is to be read from a file.
</t> </t>
</li> </li>
<li anchor="hash"> <li anchor="hash">
<t> <t>
The message digest MUST be computed from the file contents or da ta using the digest algorithm specified in the digestAlgorithm field of the RSC. The message digest <bcp14>MUST</bcp14> be computed from the file contents or data using the digest algorithm specified in the digestAlgorithm fi eld of the RSC.
</t> </t>
</li> </li>
<li anchor="match_hash"> <li anchor="match_hash">
<t> <t>
The digest computed in step <xref target="hash" format="counter" /> MUST be compared to the value appearing in the hash field of all FileNameAndH ash elements of the checkList field of the RSC. The digest computed in Step <xref target="hash" format="counter" /> <bcp14>MUST</bcp14> be compared to the value appearing in the hash field of a ll FileNameAndHash elements of the checkList field of the RSC.
</t> </t>
<t> <t>
One or more FileNameAndHash elements MUST be found with a matchi ng hash value, otherwise verification MUST fail and the error SHOULD be reported to the user. One or more FileNameAndHash elements <bcp14>MUST</bcp14> be foun d with a matching hash value; otherwise, verification <bcp14>MUST</bcp14> fail, and the error <bcp14>SHOULD</bcp14> be reported to the user.
</t> </t>
</li> </li>
<li> <li>
<t> <t>
If the mode selected in step <xref target="mode" format="counter "/> is "filename-aware" then exactly one of the FileNameAndHash elements matched in step <xref target="match_hash" format="counter"/> MUST contain a fileName fi eld value exactly matching the file name of the object being verified. If the mode selected in Step <xref target="mode" format="counter "/> is "filename-aware", then exactly one of the FileNameAndHash elements matche d in Step <xref target="match_hash" format="counter"/> <bcp14>MUST</bcp14> conta in a fileName field value exactly matching the filename of the object being veri fied.
</t> </t>
<t> <t>
Alternatively, if the mode selected in step <xref target="mode" format="counter"/> is "filename-unaware" then exactly one of the FileNameAndHash elements matched in step <xref target="match_hash" format="counter"/> MUST have the fileName field omitted. Alternatively, if the mode selected in Step <xref target="mode" format="counter"/> is "filename-unaware", then exactly one of the FileNameAndHas h elements matched in Step <xref target="match_hash" format="counter"/> <bcp14>M UST</bcp14> have the fileName field omitted.
</t> </t>
<t> <t>
Otherwise, verification MUST fail, and the error SHOULD be repor ted to the user. Otherwise, verification <bcp14>MUST</bcp14> fail, and the error <bcp14>SHOULD</bcp14> be reported to the user.
</t> </t>
</li> </li>
</ol> </ol>
</li> </li>
</ul> </ul>
<t> <t>
Note that in the above procedure, not all elements of checkList necessar ily need be used. That is, it is not an error if the length of checkList is grea ter than the size of the set of digital objects to be verified. However, in this situation, implementations SHOULD issue a warning to the user, allowing for cor rective action to be taken if necessary. Note that in the above procedure, not all elements of checkList necessar ily need be used. That is, it is not an error if the length of checkList is grea ter than the size of the set of digital objects to be verified. However, in this situation, implementations <bcp14>SHOULD</bcp14> issue a warning to the user, a llowing for corrective action to be taken if necessary.
</t> </t>
</section> </section>
<section> <section>
<name>Operational Considerations</name> <name>Operational Considerations</name>
<t> <t>
When creating digital objects of a plain-text nature (such as ASCII, UTF When creating digital objects of a plain-text nature (such as ASCII, UTF
-8, HTML, Javascript, XML, etc.) converting such objects into a lossless compres -8, HTML, Javascript, and XML), converting such objects into a lossless compress
sed form is RECOMMENDED. ed form is <bcp14>RECOMMENDED</bcp14>.
Distributing plain-text objects within a compression envelope (such as < Distributing plain-text objects within a compression envelope (such as G
xref target="RFC1952">GZIP</xref>) might help avoid unexpected canonicalization ZIP <xref target="RFC1952"></xref>) might help avoid unexpected canonicalization
at intermediate systems (which in turn would lead to checksum verification error at intermediate systems (which in turn would lead to checksum verification erro
s). rs).
Validator implementations are expected to treat a checksummed digital ob Validator implementations are expected to treat a checksummed digital ob
ject as string of arbitrary single octets. ject as a string of arbitrary single octets.
</t> </t>
<t>
If a fileName field is present, but no digital object within the set of <t>
to-be-verified digital objects has a filename that matches the content of that f If a fileName field is present, but no digital object within the set of
ield, a validator implementation SHOULD compare the message digest of each digit to-be-verified digital objects has a filename that matches the content of that f
al object to the value from the hash field of the associated FileNameAndHash and ield, a validator implementation <bcp14>SHOULD</bcp14> compare the message diges
report matches to the user for further consideration; or report an error indica t of each digital object to the value from the hash field of the associated File
ting no file by that name exists. NameAndHash and report matches to the user for further consideration.
</t> </t>
</section> </section>
<section anchor="security"> <section anchor="security">
<name>Security Considerations</name> <name>Security Considerations</name>
<t> <t>
Relying parties are hereby warned that the data in a RPKI Signed Checkli RPs are hereby warned that the data in an RSC is self-asserted.
st is self-asserted. When determining the meaning of any data contained in an RSC, RPs <bcp14
When determining the meaning of any data contained in an RPKI Signed Che >MUST NOT</bcp14> make any assumptions about the signer beyond the fact that it
cklist, Relying Parties MUST NOT make any assumptions about the signer beyond th had sufficient control of the issuing CA to create the object.
e fact that it had sufficient control of the issuing CA to create the object. These data have not been verified by the Certificate Authority (CA) that
These data have not been verified by the Certificate Authority (CA) that issued the CA certificate to the entity that issued the EE certificate used to
issued the CA certificate to the entity that issued the EE Certificate used to validate the RSC.
validate the Signed Checklist.
</t> </t>
<t> <t>
RPKI Certificates are not bound to real world identities, see <xref targ RPKI certificates are not bound to real-world identities; see <xref targ
et="RFC9255"/> for an elaboration. et="RFC9255"/> for an elaboration.
Relying Parties can only associate real world entities to Internet Numbe RPs can only associate real-world entities to Internet Number Resources
r Resources by additionally consulting an exogenous authority. by additionally consulting an exogenous authority.
Signed Checklists are a tool to communicate assertions 'signed with Inte RSCs are a tool to communicate assertions signed with Internet Number Re
rnet Number Resources', not about any other aspect of the resource holder's busi sources and do not communicate any other aspect of the resource holder's busines
ness operations such as the identity of the resource holder itself. s operations, such as the identity of the resource holder itself.
</t> </t>
<t> <t>
RSC objects are not distributed through the RPKI Repository system. RSC objects are not distributed through the RPKI repository system.
From this, it follows that third parties who do not have a copy of a giv From this, it follows that third parties who do not have a copy of a giv
en RSC, may not be aware of the existence of that RSC. en RSC may not be aware of the existence of that RSC.
Since RSC objects use EE Certificates, but all other currently defined t Since RSC objects use EE certificates but all other currently defined ty
ypes of RPKI object profiles are published in public CA repositories, an observe pes of RPKI object profiles are published in public CA repositories, an observer
r may infer from discrepancies in the Repository that RSC object(s) may exist. may infer from discrepancies in the repository that RSC object(s) may exist.
For example, if a CA does not use random serial numbers for Certificates For example, if a CA does not use random serial numbers for certificates
, an observer could detect gaps between the serial numbers of the published EE C , an observer could detect gaps between the serial numbers of the published EE c
ertificates. ertificates.
Similarly, if the CA includes a serial number on a CRL that does not mat Similarly, if the CA includes a serial number on a Certificate Revocatio
ch any published object, an observer could postulate an RSC EE Certificate was r n List (CRL) that does not match any published object, an observer could postula
evoked. te that an RSC EE certificate was revoked.
</t> </t>
<t> <t>
Conversely, a gap in serial numbers does not imply that an RSC exists. Conversely, a gap in serial numbers does not imply that an RSC exists.
Nor does an arbitrary (to the RP unknown) serial in a CRL imply an RSC o Nor does the presence in a CRL of a serial number unknown to the RP impl
bject exists: the implicitly referenced object might not be an RSC, it might hav y an RSC object exists: the implicitly referenced object might not be an RSC, it
e never been published, or was revoked before it was visible to RPs. might have never been published, or it may have been revoked before it was visi
In general, it is not possible to confidently infer the existence or non ble to RPs.
-existence of RSCs from the Repository state without access to a given RSC. In general, it is not possible to confidently infer the existence or non
</t> -existence of RSCs from the repository state without access to a given RSC.
<t>
While a one-time-use EE Certificate must only be used to generate and si
gn a single RSC object, CAs technically are not restricted from generating and s
igning multiple different RSC objects with a single keypair.
Any RSC objects sharing the same EE Certificate can not be revoked indiv
idually.
</t>
</section>
<section removeInRFC="true">
<name>Implementation status</name>
<t>
This section records the status of known implementations of the protocol
defined by this specification at the time of posting of this Internet-Draft, an
d is based on a proposal described in RFC 7942.
The description of implementations in this section is intended to assist
the IETF in its decision processes in progressing drafts to RFCs.
Please note that the listing of any individual implementation here does
not imply endorsement by the IETF.
Furthermore, no effort has been spent to verify the information presente
d here that was supplied by IETF contributors.
This is not intended as, and must not be construed to be, a catalog of a
vailable implementations or their features.
Readers are advised to note that other implementations may exist.
</t> </t>
existence of RSCs from the <span class="insert">repository</span> state without access to a given RSC.
<t> <t>
According to RFC 7942, "this will allow reviewers and working groups to While a one-time-use EE certificate must only be used to generate and si
assign due consideration to documents that have the benefit of running code, whi gn a single RSC object, CAs technically are not restricted from generating and s
ch may serve as evidence of valuable experimentation and feedback that have made igning multiple different RSC objects with a single key pair.
the implemented protocols more mature. Any RSC objects sharing the same EE certificate cannot be revoked indivi
It is up to the individual working groups to use this information as the dually.
y see fit".
</t> </t>
<ul>
<li>
A signer and validator implementation <xref target="rpki-rsc-demo"/> w
ritten in Perl based on OpenSSL was provided by Tom Harrison from APNIC.
</li>
<li>
A signer implementation <xref target="rpkimancer"/> written in Python
was developed by Ben Maddison.
</li>
<li>
Example .sig files were created by Job Snijders with the use of OpenSS
L.
</li>
<li>
A validator implementation based on OpenBSD rpki-client and LibreSSL w
as developed by Job Snijders.
</li>
<li>
A validator implementation <xref target="FORT"/> based on the FORT val
idator was developed by Alberto Leiva for a previous version of this specificati
on.
</li>
<li>
A validator implementation <xref target="prover"/> was developed by Mi
khail Puzanov.
</li>
</ul>
</section> </section>
<section anchor="iana"> <section anchor="iana">
<name>IANA Considerations</name> <name>IANA Considerations</name>
<section> <section>
<name>SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1) </name> <name>SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1) </name>
<t> <t>
The IANA has allocated for this document in the "SMI Security for S/MI IANA has allocated the following in the "SMI Security for S/MIME CMS C
ME CMS Content Type (1.2.840.113549.1.9.16.1)" registry: ontent Type (1.2.840.113549.1.9.16.1)" registry:
</t>
<artwork>
<![CDATA[
Decimal Description References
48 id-ct-signedChecklist [draft-ietf-sidrops-rpki-rsc]
]]>
</artwork>
<t>
Upon publication of this document, IANA is requested to reference the
RFC publication instead of this draft.
</t> </t>
<table anchor="cms-content-type" align="center">
<name></name>
<thead>
<tr>
<th rowspan="1" colspan="1">Decimal</th>
<th rowspan="1" colspan="1">Description</th>
<th rowspan="1" colspan="1">References</th>
</tr>
</thead>
<tbody>
<tr>
<td>48</td>
<td>id-ct-signedChecklist</td>
<td>RFC 9323</td>
</tr>
</tbody>
</table>
</section> </section>
<section> <section>
<name>RPKI Signed Objects sub-registry</name> <name>RPKI Signed Objects</name>
<t> <t>
The IANA is requested to register the OID for the RPKI Signed Checklis t in the "RPKI Signed Objects" registry created by <xref target="RFC6488"/> as f ollows: IANA has registered the OID for the RSC in the "RPKI Signed Objects" r egistry <xref target="RFC6488"/> as follows:
</t> </t>
<artwork>
<![CDATA[ <table anchor="rpki-signed-checklist" align="center">
Name OID Specification <name></name>
Signed Checklist 1.2.840.113549.1.9.16.1.48 [RFC-TBD] <thead>
]]> <tr>
</artwork> <th rowspan="1" colspan="1">Name</th>
<th rowspan="1" colspan="1">OID</th>
<th rowspan="1" colspan="1">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>Signed Checklist</td>
<td>1.2.840.113549.1.9.16.1.48</td>
<td>RFC 9323</td>
</tr>
</tbody>
</table>
</section> </section>
<section> <section>
<name>File Extension</name> <name>RPKI Repository Name Schemes</name>
<t>
The IANA has temporarily added an item for the Signed Checklist file e
xtension to the "RPKI Repository Name Schemes" registry created by <xref target=
"RFC6481"/> as follows:
</t>
<artwork>
<![CDATA[
Filename Extension RPKI Object Reference
.sig Signed Checklist [draft-ietf-sidrops-rpki-rsc]
]]>
</artwork>
<t> <t>
Upon publication of this document, IANA is requested to make this addi tion permanent and to reference the RFC publication instead of this draft. IANA has added the Signed Checklist file extension to the "RPKI Reposi tory Name Schemes" registry <xref target="RFC6481"/> as follows:
</t> </t>
<table anchor="rpki-repository-name-schemes" align="center">
<name></name>
<thead>
<tr>
<th rowspan="1" colspan="1">Filename Extension</th>
<th rowspan="1" colspan="1">RPKI Object</th>
<th rowspan="1" colspan="1">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>.sig</td>
<td>Signed Checklist</td>
<td>RFC 9323</td>
</tr>
</tbody>
</table>
</section> </section>
<section> <section>
<name>SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0 )</name> <name>SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0 )</name>
<t> <t>
The IANA has permanently allocated for this document in the "SMI Secur IANA has allocated the following in the "SMI Security for S/MIME Modul
ity for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry: e Identifier (1.2.840.113549.1.9.16.0)" registry:
</t>
<artwork>
<![CDATA[
Decimal Description References
73 id-mod-rpkiSignedChecklist-2021 [draft-ietf-sidrops-rpki-rsc]
]]>
</artwork>
<t>
Upon publication of this document, IANA is requested to update the "De
scription" column to read "id-mod-rpkiSignedChecklist-2022", and to reference th
e RFC publication instead of this draft.
</t> </t>
<table anchor="smi-security-identifier" align="center">
<name></name>
<thead>
<tr>
<th rowspan="1" colspan="1">Decimal</th>
<th rowspan="1" colspan="1">Description</th>
<th rowspan="1" colspan="1">References</th>
</tr>
</thead>
<tbody>
<tr>
<td>73</td>
<td>id-mod-rpkiSignedChecklist-2022</td>
<td>RFC 9323</td>
</tr>
</tbody>
</table>
</section> </section>
<section> <section>
<name>Media Type</name> <name>Media Types</name>
<t>
The IANA has registered the media type application/rpki-checklist in t
he "Provisional Standard Media Type" registry as follows:
</t>
<artwork>
<![CDATA[
Type name: application
Subtype name: rpki-checklist
Required parameters: N/A
Optional parameters: N/A
Encoding considerations: binary
Security considerations: Carries an RPKI Signed Checklist
[RFC-to-be]. This media type contains no active
content. See Section 5 of [RFC-to-be] for further
information.
Interoperability considerations: None
Published specification: This document.
Applications that use this media type: RPKI operators.
Additional information:
Content: This media type is a signed object, as defined
in [RFC6488], which contains a payload of a list of
checksums as defined above in this document.
Magic number(s): None
File extension(s): .sig
Macintosh file type code(s):
Person & email address to contact for further information:
Job Snijders <job@fastly.com>
Intended usage: COMMON
Restrictions on usage: None
Author: Job Snijders <job@fastly.com>
Change controller: IETF
]]>
</artwork>
<t> <t>
Upon publication of this document, IANA is requested to move this regi stration to the "Media Types" registry and to reference the RFC publication inst ead of this draft. IANA has registered the media type "application/rpki-checklist" in the "Media Types" registry as follows:
</t> </t>
<dl>
<dt>Type name:</dt><dd>application</dd>
<dt>Subtype name:</dt><dd>rpki-checklist</dd>
<dt>Required parameters:</dt><dd>N/A</dd>
<dt>Optional parameters:</dt><dd>N/A</dd>
<dt>Encoding considerations:</dt><dd>binary</dd>
<dt>Security considerations:</dt><dd>Carries an RPKI Signed Checklist. This m
edia type contains no active content. See <xref target="validation"/> of RFC 932
3 for further information.</dd>
<dt>Interoperability considerations:</dt><dd>N/A</dd>
<dt>Published specification:</dt><dd>RFC 9323</dd>
<dt>Applications that use this media type:</dt><dd>RPKI operators</dd>
<dt>Fragment identifier considerations:</dt><dd>N/A</dd>
<dt>Additional information:</dt><dd>
<t><br/></t>
<dl spacing="compact">
<dt>Content:</dt><dd>This media type is a signed object, as defined in [RFC
6488], which contains a payload of a list of checksums as defined in RFC 9323.</
dd>
<dt>Magic number(s):</dt><dd>N/A</dd>
<dt>File extension(s):</dt><dd>.sig</dd>
<dt>Macintosh file type code(s):</dt><dd>N/A</dd>
</dl>
</dd>
<dt>Person &amp; email address to contact for further information:</dt><dd>Jo
b Snijders (job@fastly.com)</dd>
<dt>Intended usage:</dt><dd>COMMON</dd>
<dt>Restrictions on usage:</dt><dd>N/A</dd>
<dt>Author:</dt><dd>Job Snijders (job@fastly.com)</dd>
<dt>Change controller:</dt><dd>IETF</dd>
</dl>
</section> </section>
</section> </section>
</middle> </middle>
<back> <back>
<displayreference target="I-D.ietf-sidrops-rpki-rta" to="RPKI-RTA"/>
<references> <references>
<name>References</name> <name>References</name>
<references> <references>
<name>Normative References</name> <name>Normative References</name>
<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2
119" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.
<front> xml"/>
<title>Key words for use in RFCs to Indicate Requirement Levels</tit <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3779.
le> xml"/>
<author initials="S." surname="Bradner" fullname="S. Bradner"> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5652.
<organization/> xml"/>
</author> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6481.
<date year="1997" month="March"/> xml"/>
<abstract> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6487.
<t>In many standards track documents several words are used to sig xml"/>
nify the requirements in the specification. These words are often capitalized. <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6488.
This document defines these words as they should be interpreted in IETF document xml"/>
s. This document specifies an Internet Best Current Practices for the Internet <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7935.
Community, and requests discussion and suggestions for improvements.</t> xml"/>
</abstract> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.
</front> xml"/>
<seriesInfo name="BCP" value="14"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.9286.
<seriesInfo name="RFC" value="2119"/> xml"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC3779" target="https://www.rfc-editor.org/info/rfc3
779" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3779.xml">
<front>
<title>X.509 Extensions for IP Addresses and AS Identifiers</title>
<author initials="C." surname="Lynn" fullname="C. Lynn">
<organization/>
</author>
<author initials="S." surname="Kent" fullname="S. Kent">
<organization/>
</author>
<author initials="K." surname="Seo" fullname="K. Seo">
<organization/>
</author>
<date year="2004" month="June"/>
<abstract>
<t>This document defines two X.509 v3 certificate extensions. The
first binds a list of IP address blocks, or prefixes, to the subject of a certi
ficate. The second binds a list of autonomous system identifiers to the subject
of a certificate. These extensions may be used to convey the authorization of
the subject to use the IP addresses and autonomous system identifiers contained
in the extensions. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3779"/>
<seriesInfo name="DOI" value="10.17487/RFC3779"/>
</reference>
<reference anchor="RFC5652" target="https://www.rfc-editor.org/info/rfc5
652" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml">
<front>
<title>Cryptographic Message Syntax (CMS)</title>
<author initials="R." surname="Housley" fullname="R. Housley">
<organization/>
</author>
<date year="2009" month="September"/>
<abstract>
<t>This document describes the Cryptographic Message Syntax (CMS).
This syntax is used to digitally sign, digest, authenticate, or encrypt arbitr
ary message content. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="STD" value="70"/>
<seriesInfo name="RFC" value="5652"/>
<seriesInfo name="DOI" value="10.17487/RFC5652"/>
</reference>
<reference anchor="RFC6481" target="https://www.rfc-editor.org/info/rfc6
481" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6481.xml">
<front>
<title>A Profile for Resource Certificate Repository Structure</titl
e>
<author initials="G." surname="Huston" fullname="G. Huston">
<organization/>
</author>
<author initials="R." surname="Loomans" fullname="R. Loomans">
<organization/>
</author>
<author initials="G." surname="Michaelson" fullname="G. Michaelson">
<organization/>
</author>
<date year="2012" month="February"/>
<abstract>
<t>This document defines a profile for the structure of the Resour
ce Public Key Infrastructure (RPKI) distributed repository. Each individual rep
ository publication point is a directory that contains files that correspond to
X.509/PKIX Resource Certificates, Certificate Revocation Lists and signed object
s. This profile defines the object (file) naming scheme, the contents of reposi
tory publication points (directories), and a suggested internal structure of a l
ocal repository cache that is intended to facilitate synchronization across a di
stributed collection of repository publication points and to facilitate certific
ation path construction. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6481"/>
<seriesInfo name="DOI" value="10.17487/RFC6481"/>
</reference>
<reference anchor="RFC6487" target="https://www.rfc-editor.org/info/rfc6
487" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6487.xml">
<front>
<title>A Profile for X.509 PKIX Resource Certificates</title>
<author fullname="G. Huston" initials="G." surname="Huston"/>
<author fullname="G. Michaelson" initials="G." surname="Michaelson"/
>
<author fullname="R. Loomans" initials="R." surname="Loomans"/>
<date month="February" year="2012"/>
<abstract>
<t>This document defines a standard profile for X.509 certificates
for the purpose of supporting validation of assertions of "right-of-use" of Int
ernet Number Resources (INRs). The certificates issued under this profile are u
sed to convey the issuer's authorization of the subject to be regarded as the cu
rrent holder of a "right-of-use" of the INRs that are described in the certifica
te. This document contains the normative specification of Certificate and Certi
ficate Revocation List (CRL) syntax in the Resource Public Key Infrastructure (R
PKI). This document also specifies profiles for the format of certificate reque
sts and specifies the Relying Party RPKI certificate path validation procedure.
[STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6487"/>
<seriesInfo name="DOI" value="10.17487/RFC6487"/>
</reference>
<reference anchor="RFC6488" target="https://www.rfc-editor.org/info/rfc6
488" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6488.xml">
<front>
<title>Signed Object Template for the Resource Public Key Infrastruc
ture (RPKI)</title>
<author initials="M." surname="Lepinski" fullname="M. Lepinski">
<organization/>
</author>
<author initials="A." surname="Chi" fullname="A. Chi">
<organization/>
</author>
<author initials="S." surname="Kent" fullname="S. Kent">
<organization/>
</author>
<date year="2012" month="February"/>
<abstract>
<t>This document defines a generic profile for signed objects used
in the Resource Public Key Infrastructure (RPKI). These RPKI signed objects ma
ke use of Cryptographic Message Syntax (CMS) as a standard encapsulation format.
[STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6488"/>
<seriesInfo name="DOI" value="10.17487/RFC6488"/>
</reference>
<reference anchor="RFC7935" target="https://www.rfc-editor.org/info/rfc7
935" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7935.xml">
<front>
<title>The Profile for Algorithms and Key Sizes for Use in the Resou
rce Public Key Infrastructure</title>
<author fullname="G. Huston" initials="G." surname="Huston"/>
<author fullname="G. Michaelson" initials="G." role="editor" surname
="Michaelson"/>
<date month="August" year="2016"/>
<abstract>
<t>This document specifies the algorithms, algorithms' parameters,
asymmetric key formats, asymmetric key size, and signature format for the Resou
rce Public Key Infrastructure (RPKI) subscribers that generate digital signature
s on certificates, Certificate Revocation Lists (CRLs), Cryptographic Message Sy
ntax (CMS) signed objects and certification requests as well as for the relying
parties (RPs) that verify these digital signatures.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7935"/>
<seriesInfo name="DOI" value="10.17487/RFC7935"/>
</reference>
<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8
174" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti
tle>
<author initials="B." surname="Leiba" fullname="B. Leiba">
<organization/>
</author>
<date year="2017" month="May"/>
<abstract>
<t>RFC 2119 specifies common key words that may be used in protoco
l specifications. This document aims to reduce the ambiguity by clarifying tha
t only UPPERCASE usage of the key words have the defined special meanings.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC9286" target="https://www.rfc-editor.org/info/rfc9
286" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9286.xml">
<front>
<title>Manifests for the Resource Public Key Infrastructure (RPKI)</
title>
<author fullname="R. Austein" initials="R." surname="Austein"/>
<author fullname="G. Huston" initials="G." surname="Huston"/>
<author fullname="S. Kent" initials="S." surname="Kent"/>
<author fullname="M. Lepinski" initials="M." surname="Lepinski"/>
<date month="June" year="2022"/>
<abstract>
<t>This document defines a "manifest" for use in the Resource Publ
ic Key Infrastructure (RPKI). A manifest is a signed object (file) that contain
s a listing of all the signed objects (files) in the repository publication poin
t (directory) associated with an authority responsible for publishing in the rep
ository. For each certificate, Certificate Revocation List (CRL), or other type
of signed objects issued by the authority that are published at this repository
publication point, the manifest contains both the name of the file containing t
he object and a hash of the file content. Manifests are intended to enable a re
lying party (RP) to detect certain forms of attacks against a repository. Speci
fically, if an RP checks a manifest's contents against the signed objects retrie
ved from a repository publication point, then the RP can detect replay attacks,
and unauthorized in-flight modification or deletion of signed objects. This doc
ument obsoletes RFC 6486.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9286"/>
<seriesInfo name="DOI" value="10.17487/RFC9286"/>
</reference>
<reference anchor="POSIX" target="https://publications.opengroup.org/sta ndards/unix/c165"> <reference anchor="POSIX" target="https://publications.opengroup.org/sta ndards/unix/c165">
<front> <front>
<title>The Open Group's Base Specifications, Issue 7</title> <title>Base Specifications</title>
<author> <author>
<organization>IEEE and The Open Group</organization> <organization>IEEE and The Open Group</organization>
</author> </author>
<date year="2016"/> <date year="2016"/>
</front> </front>
<refcontent>Issue 7</refcontent>
<seriesInfo name="DOI" value="10.1109/IEEESTD.2016.7582338"/>
</reference> </reference>
</references> </references>
<references> <references>
<name>Informative References</name> <name>Informative References</name>
<reference anchor="IANA.ADDRESS-FAMILY-NUMBERS" target="http://www.iana.
org/assignments/address-family-numbers" xml:base="https://bib.ietf.org/public/rf <reference anchor="IANA.ADDRESS-FAMILY-NUMBERS" target="https://www.iana
c/bibxml-misc/reference.IANA.ADDRESS-FAMILY-NUMBERS.xml"> .org/assignments/address-family-numbers">
<front> <front>
<title>Address Family Numbers</title> <title>Address Family Numbers</title>
<author> <author>
<organization abbrev="IANA">Internet Assigned Numbers Authority</o rganization> <organization abbrev="IANA">Internet Assigned Numbers Authority</o rganization>
</author> </author>
<date day="19" month="October" year="2021"/>
</front>
</reference>
<reference anchor="I-D.ietf-sidrops-rpki-rta" target="https://www.ietf.o
rg/archive/id/draft-ietf-sidrops-rpki-rta-00.txt" xml:base="https://bib.ietf.org
/public/rfc/bibxml-ids/reference.I-D.ietf-sidrops-rpki-rta.xml">
<front>
<title>A profile for Resource Tagged Attestations (RTAs)</title>
<author fullname="George G. Michaelson">
<organization>Asia Pacific Network Information Centre</organizatio
n>
</author>
<author fullname="Geoff Huston">
<organization>Asia Pacific Network Information Centre</organizatio
n>
</author>
<author fullname="Tom Harrison">
<organization>Asia Pacific Network Information Centre</organizatio
n>
</author>
<author fullname="Tim Bruijnzeels">
<organization>NLNet Labs B.V.</organization>
</author>
<author fullname="Martin Hoffmann">
<organization>NLNet Labs B.V.</organization>
</author>
<date day="21" month="January" year="2021"/>
<abstract>
<t>This document defines a Cryptographic Message Syntax (CMS) prof
ile for a general purpose Resource Tagged Attestation (RTA), for use with the Re
source Public Key Infrastructure (RPKI). The objective is to allow an attestatio
n, in the form of an arbitrary digital object, to be signed "with resources", an
d for validation to provide an outcome of "valid with resources". The profile is
intended to provide for the signing of an attestation with an arbitrary set of
resources.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-sidrops-rpki-rta-0
0"/>
</reference>
<reference anchor="RFC1952" target="https://www.rfc-editor.org/info/rfc1
952" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1952.xml">
<front>
<title>GZIP file format specification version 4.3</title>
<author fullname="P. Deutsch" initials="P." surname="Deutsch"/>
<date month="May" year="1996"/>
<abstract>
<t>This specification defines a lossless compressed data format th
at is compatible with the widely used GZIP utility. This memo provides informat
ion for the Internet community. This memo does not specify an Internet standard
of any kind.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="1952"/>
<seriesInfo name="DOI" value="10.17487/RFC1952"/>
</reference>
<reference anchor="RFC6268" target="https://www.rfc-editor.org/info/rfc6
268" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6268.xml">
<front>
<title>Additional New ASN.1 Modules for the Cryptographic Message Sy
ntax (CMS) and the Public Key Infrastructure Using X.509 (PKIX)</title>
<author fullname="J. Schaad" initials="J." surname="Schaad"/>
<author fullname="S. Turner" initials="S." surname="Turner"/>
<date month="July" year="2011"/>
<abstract>
<t>The Cryptographic Message Syntax (CMS) format, and many associa
ted formats, are expressed using ASN.1. The current ASN.1 modules conform to th
e 1988 version of ASN.1. This document updates some auxiliary ASN.1 modules to
conform to the 2008 version of ASN.1; the 1988 ASN.1 modules remain the normativ
e version. There are no bits- on-the-wire changes to any of the formats; this i
s simply a change to the syntax. This document is not an Internet Standards Tra
ck specification; it is published for informational purposes.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6268"/>
<seriesInfo name="DOI" value="10.17487/RFC6268"/>
</reference>
<reference anchor="RFC6480" target="https://www.rfc-editor.org/info/rfc6
480" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6480.xml">
<front>
<title>An Infrastructure to Support Secure Internet Routing</title>
<author initials="M." surname="Lepinski" fullname="M. Lepinski">
<organization/>
</author>
<author initials="S." surname="Kent" fullname="S. Kent">
<organization/>
</author>
<date year="2012" month="February"/>
<abstract>
<t>This document describes an architecture for an infrastructure t
o support improved security of Internet routing. The foundation of this archite
cture is a Resource Public Key Infrastructure (RPKI) that represents the allocat
ion hierarchy of IP address space and Autonomous System (AS) numbers; and a dist
ributed repository system for storing and disseminating the data objects that co
mprise the RPKI, as well as other signed objects necessary for improved routing
security. As an initial application of this architecture, the document describe
s how a legitimate holder of IP address space can explicitly and verifiably auth
orize one or more ASes to originate routes to that address space. Such verifiab
le authorizations could be used, for example, to more securely construct BGP rou
te filters. This document is not an Internet Standards Track specification; it
is published for informational purposes.</t>
</abstract>
</front> </front>
<seriesInfo name="RFC" value="6480"/>
<seriesInfo name="DOI" value="10.17487/RFC6480"/>
</reference>
<reference anchor="RFC9255" target="https://www.rfc-editor.org/info/rfc9
255" xml:base="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9255.xml">
<front>
<title>The 'I' in RPKI Does Not Stand for Identity</title>
<author fullname="R. Bush" initials="R." surname="Bush"/>
<author fullname="R. Housley" initials="R." surname="Housley"/>
<date month="June" year="2022"/>
<abstract>
<t>There is a false notion that Internet Number Resources (INRs) i
n the RPKI can be associated with the real-world identity of the 'holder' of an
INR. This document specifies that RPKI does not associate to the INR holder.</t
>
</abstract>
</front>
<seriesInfo name="RFC" value="9255"/>
<seriesInfo name="DOI" value="10.17487/RFC9255"/>
</reference> </reference>
<!-- [I-D.ietf-sidrops-rpki-rta] IESG state Expired -->
<reference anchor="I-D.ietf-sidrops-rpki-rta" target="https://datatracker.ietf.o
rg/doc/html/draft-ietf-sidrops-rpki-rta-00">
<front>
<title>A profile for Resource Tagged Attestations (RTAs)</title>
<author fullname="George G. Michaelson" initials="G" surname="Michaelson">
<organization>Asia Pacific Network Information Centre</organization>
</author>
<author fullname="Geoff Huston" initials="G" surname="Huston">
<organization>Asia Pacific Network Information Centre</organization>
</author>
<author fullname="Tom Harrison" initials="T" surname="Harrison">
<organization>Asia Pacific Network Information Centre</organization>
</author>
<author fullname="Tim Bruijnzeels" initials="T" surname="Bruijnzeels">
<organization>NLNet Labs B.V.</organization>
</author>
<author fullname="Martin Hoffmann" initials="M" surname="Hoffman">
<organization>NLNet Labs B.V.</organization>
</author>
<date month="January" day="17" year="2021"/>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-sidrops-rpki-rta-00"/>
</reference>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1952.
xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6268.
xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6480.
xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.9255.
xml"/>
<reference anchor="signify" target="https://man.openbsd.org/signify"> <reference anchor="signify" target="https://man.openbsd.org/signify">
<front> <front>
<title>signify - cryptographically sign and verify files</title> <title>signify - cryptographically sign and verify files</title>
<author initials="T." surname="Unangst"> <author initials="T." surname="Unangst">
<organization/> <organization/>
</author> </author>
<author initials="M." surname="Espie"> <author initials="M." surname="Espie">
<organization/> <organization/>
</author> </author>
<date year="2014" month="May"/>
</front>
</reference>
<reference anchor="rpki-rsc-demo" target="https://github.com/APNIC-net/r
pki-rsc-demo">
<front>
<title>A proof-of-concept for constructing and validating RPKI Signe
d Checklists (RSCs).</title>
<author initials="T." surname="Harrison">
<organization>APNIC</organization>
</author>
<date year="2021" month="February"/>
</front>
</reference>
<reference anchor="rpkimancer" target="https://github.com/benmaddison/rp
kimancer">
<front>
<title>rpkimancer</title>
<author initials="B." surname="Maddison">
<organization>Workonline</organization>
</author>
<date year="2021" month="May"/>
</front>
</reference>
<reference anchor="FORT" target="https://github.com/NICMx/FORT-validator
">
<front>
<title>FORT</title>
<author surname="FORT Validator">
<organization>LACNIC and NIC.MX</organization>
</author>
<date year="2021" month="May"/>
</front>
</reference>
<reference anchor="prover" target="https://github.com/lolepezy/rpki-prov
er/pull/126/files">
<front>
<title>rpki-prover</title>
<author initials="M." surname="Puzanov"/>
<date year="2022" month="september"/>
</front> </front>
</reference> </reference>
</references> </references>
</references> </references>
<section anchor="acknowledgements"> <section anchor="acknowledgements" numbered="false">
<name>Acknowledgements</name> <name>Acknowledgements</name>
<t> <t>
The authors wish to thank The authors wish to thank
George Michaelson, <contact fullname="George Michaelson"/>,
Geoff Huston, <contact fullname="Geoff Huston"/>,
Randy Bush, <contact fullname="Randy Bush"/>,
Stephen Kent, <contact fullname="Stephen Kent"/>,
Matt Lepinski, <contact fullname="Matt Lepinski"/>,
Rob Austein, <contact fullname="Rob Austein"/>,
Ted Unangst, <contact fullname="Ted Unangst"/>,
and Marc Espie and <contact fullname="Marc Espie"/>
for prior art. for prior art.
The authors thank Russ Housley for reviewing the ASN.1 notation and prov iding suggestions. The authors thank <contact fullname="Russ Housley"/> for reviewing the A SN.1 notation and providing suggestions.
The authors would like to thank The authors would like to thank
Nimrod Levy, <contact fullname="Nimrod Levy"/>,
Tim Bruijnzeels, <contact fullname="Tim Bruijnzeels"/>,
Alberto Leiva, <contact fullname="Alberto Leiva"/>,
Ties de Kock, <contact fullname="Ties de Kock"/>,
Peter Peele, <contact fullname="Peter Peele"/>,
Claudio Jeker, <contact fullname="Claudio Jeker"/>,
Theo Buehler, <contact fullname="Theo Buehler"/>,
Donald Eastlake, <contact fullname="Donald Eastlake 3rd"/>,
Erik Kline, <contact fullname="Erik Kline"/>,
Robert Wilton, <contact fullname="Robert Wilton"/>,
Roman Danyliw, <contact fullname="Roman Danyliw"/>,
Éric Vyncke, <contact fullname="Éric Vyncke"/>,
Lars Eggert, <contact fullname="Lars Eggert"/>,
Paul Wouters, <contact fullname="Paul Wouters"/>,
and Murray S. Kucherawy and <contact fullname="Murray S. Kucherawy"/>
for document review and suggestions. for document review and suggestions.
</t> </t>
</section> </section>
<section removeInRFC="true">
<name>Document changelog</name>
<section>
<name>changes from -10 -&gt; -11</name>
<ul>
<li>Incorporate feedback from Robert Wilton.</li>
<li>Incorporate feedback from Roman Danyliw.</li>
<li>Incorporate feedback from Éric Vyncke.</li>
<li>Add Mikhail Puzanov's implementation.</li>
<li>Incorporate feedback from Lars Eggert's review.</li>
<li>Incorporate feedback from Paul Wouters.</li>
<li>Incorporate feedback from Murray S. Kucherawy.</li>
</ul>
</section>
<section>
<name>changes from -09 -&gt; -10</name>
<ul>
<li>Incorporate SECDIR feedback.</li>
</ul>
</section>
<section>
<name>changes from -08 -&gt; -09</name>
<ul>
<li>Updated manifests refs to RFC9286</li>
<li>Added normative ref to RFC6268 (CMS)</li>
<li>Cleaned up ASN.1 formatting</li>
<li>Updated ASN.1 module OID following early allocation</li>
<li>Updated draft-ietf-sidrops-rpki-has-no-identity to RFC9255</li>
<li>Clean up IANA considerations</li>
</ul>
</section>
<section>
<name>changes from -07 -&gt; -08</name>
<ul>
<li>Theo requested explanation as to why fileName is OPTIONAL</li>
<li>Russ &amp; Randy requested implementor guidance when RFC3779-gener
ated data fails to decode</li>
<li>Added uniqueness constraints for fileName and hash contents</li>
<li>Improved validation and verification procedure description</li>
<li>Incorporated character-set constraints for fileName in ASN.1 modul
e</li>
</ul>
</section>
<section>
<name>changes from -06 -&gt; -07</name>
<ul>
<li>Change wire format to allow use of commonly deployed libcrypto API
s.</li>
</ul>
</section>
<section>
<name>changes from -05 -&gt; -06</name>
<ul>
<li>Non-content-related updates.</li>
</ul>
</section>
<section>
<name>changes from -04 -&gt; -05</name>
<ul>
<li>Ties contributed clarifications.</li>
</ul>
</section>
<section>
<name>changes from -03 -&gt; -04</name>
<ul>
<li>Alberto pointed out the asID validation also needs to be documente
d.</li>
</ul>
</section>
<section>
<name>changes from -02 -&gt; -03</name>
<ul>
<li>Reference the IANA assigned OID</li>
<li>Clarify validation rules</li>
</ul>
</section>
<section>
<name>changes from -01 -&gt; -02</name>
<ul>
<li>Clarify RSC is part of a puzzle, not panacea. Thanks Randy &amp; R
uss.</li>
</ul>
</section>
<section>
<name>changes from -00 -&gt; -01</name>
<ul>
<li>Readability improvements</li>
<li>Update document category to match the registry allocation policy r
equirement.</li>
</ul>
</section>
<section>
<name>individual submission phase</name>
<ul>
<li>
On-the-wire change: the 'Filename' switched from 'required' to 'opti
onal'.
Some SIDROPS Working Group participants proposed a checksum itself i
s the most minimal information required to address digital objects.
</li>
</ul>
</section>
</section>
</back> </back>
</rfc> </rfc>
 End of changes. 102 change blocks. 
829 lines changed or deleted 420 lines changed or added

This html diff was produced by rfcdiff 1.48.