| draft-ietf-sidr-rpki-oob-setup-07.txt | draft-ietf-sidr-rpki-oob-setup-08.txt | |||
|---|---|---|---|---|
| Network Working Group R. Austein | Network Working Group R. Austein | |||
| Internet-Draft Dragon Research Labs | Internet-Draft Dragon Research Labs | |||
| Intended status: Standards Track February 17, 2017 | Intended status: Standards Track February 22, 2017 | |||
| Expires: August 21, 2017 | Expires: August 26, 2017 | |||
| An Out-Of-Band Setup Protocol For RPKI Production Services | An Out-Of-Band Setup Protocol For RPKI Production Services | |||
| draft-ietf-sidr-rpki-oob-setup-07 | draft-ietf-sidr-rpki-oob-setup-08 | |||
| Abstract | Abstract | |||
| This note describes a simple out-of-band protocol to ease setup of | This note describes a simple out-of-band protocol to ease setup of | |||
| the RPKI provisioning and publication protocols between two parties. | the RPKI provisioning and publication protocols between two parties. | |||
| The protocol is encoded in a small number of XML messages, which can | The protocol is encoded in a small number of XML messages, which can | |||
| be passed back and forth by any mutually agreeable means which | be passed back and forth by any mutually agreeable means which | |||
| provides acceptable data integrity and authentication. | provides acceptable data integrity and authentication. | |||
| This setup protocol is not part of the provisioning or publication | This setup protocol is not part of the provisioning or publication | |||
| skipping to change at page 1, line 39 | skipping to change at page 1, line 39 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 21, 2017. | This Internet-Draft will expire on August 26, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 19 | skipping to change at page 2, line 19 | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. History . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. History . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Overview of the BPKI . . . . . . . . . . . . . . . . . . . . 3 | 3. Overview of the BPKI . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Protocol Elements . . . . . . . . . . . . . . . . . . . . . . 6 | 5. Protocol Elements . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.1. Common Protocol Elements . . . . . . . . . . . . . . . . 6 | 5.1. Common Protocol Elements . . . . . . . . . . . . . . . . 6 | |||
| 5.2. Protocol Messages . . . . . . . . . . . . . . . . . . . . 6 | 5.2. Protocol Messages . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.2.1. <child_request/> . . . . . . . . . . . . . . . . . . 6 | 5.2.1. <child_request/> . . . . . . . . . . . . . . . . . . 7 | |||
| 5.2.2. <parent_response/> . . . . . . . . . . . . . . . . . 7 | 5.2.2. <parent_response/> . . . . . . . . . . . . . . . . . 7 | |||
| 5.2.3. <publisher_request/> . . . . . . . . . . . . . . . . 9 | 5.2.3. <publisher_request/> . . . . . . . . . . . . . . . . 9 | |||
| 5.2.4. <repository_response/> . . . . . . . . . . . . . . . 10 | 5.2.4. <repository_response/> . . . . . . . . . . . . . . . 11 | |||
| 5.3. <authorization/> . . . . . . . . . . . . . . . . . . . . 11 | 5.3. <authorization/> . . . . . . . . . . . . . . . . . . . . 12 | |||
| 5.4. <error/> . . . . . . . . . . . . . . . . . . . . . . . . 12 | 5.4. <error/> . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 6. Protocol Walk-Through . . . . . . . . . . . . . . . . . . . . 13 | 6. Protocol Walk-Through . . . . . . . . . . . . . . . . . . . . 14 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19 | 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 19 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 19 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 19 | 10.2. Informative References . . . . . . . . . . . . . . . . . 20 | |||
| Appendix A. RelaxNG Schema . . . . . . . . . . . . . . . . . . . 19 | Appendix A. RelaxNG Schema . . . . . . . . . . . . . . . . . . . 20 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 21 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 1. Introduction | 1. Introduction | |||
| This note describes a small XML-based out-of-band protocol used to | This note describes a small XML-based out-of-band protocol used to | |||
| set up relationships between parents and children in the RPKI | set up relationships between parents and children in the RPKI | |||
| provisioning protocol ([RFC6492]) and between publishers and | provisioning protocol ([RFC6492]) and between publishers and | |||
| repositories in the RPKI publication protocol | repositories in the RPKI publication protocol | |||
| ([I-D.ietf-sidr-publication]). | ([I-D.ietf-sidr-publication]). | |||
| The basic function of this protocol is public key exchange, in the | The basic function of this protocol is public key exchange, in the | |||
| skipping to change at page 6, line 17 | skipping to change at page 6, line 17 | |||
| Each message in the protocol is a distinct XML element in the | Each message in the protocol is a distinct XML element in the | |||
| "http://www.hactrn.net/uris/rpki/rpki-setup/" XML namespace. | "http://www.hactrn.net/uris/rpki/rpki-setup/" XML namespace. | |||
| The outermost XML element of each message contains a version | The outermost XML element of each message contains a version | |||
| attribute. This document describes version 1 of the protocol. | attribute. This document describes version 1 of the protocol. | |||
| Appendix A is a [RelaxNG] schema for this protocol. The schema is | Appendix A is a [RelaxNG] schema for this protocol. The schema is | |||
| normative: in the event of a disagreement between the schema and the | normative: in the event of a disagreement between the schema and the | |||
| following textual description, the schema is authoritative. | following textual description, the schema is authoritative. | |||
| Since "1" is currently the only value allowed for the version | ||||
| attribute in the schema, an incorrect protocol version can be | ||||
| detected either by checking the version attribute directly or as a | ||||
| schema validation error. | ||||
| 5.1. Common Protocol Elements | 5.1. Common Protocol Elements | |||
| Most messages contain, among other things, a self-signed BPKI X.509 | Most messages contain, among other things, a self-signed BPKI X.509 | |||
| certificate. These certificates are represented as XML elements | certificate. These certificates are represented as XML elements | |||
| whose text value is the Base64 text encoding the DER representation | whose text value is the Base64 text encoding the DER representation | |||
| of the X.509 certificate. | of the X.509 certificate. | |||
| A number of attributes contain "handles". A handle in this protocol | A number of attributes contain "handles". A handle in this protocol | |||
| is a text string in the US-ASCII character set consisting of letters, | is a text string in the US-ASCII character set consisting of letters, | |||
| digits, and the special characters "/", "-", and "_". This protocol | digits, and the special characters "/", "-", and "_". This protocol | |||
| skipping to change at page 19, line 24 | skipping to change at page 19, line 44 | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [I-D.ietf-sidr-delta-protocol] | [I-D.ietf-sidr-delta-protocol] | |||
| Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein, | Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein, | |||
| "RPKI Repository Delta Protocol", draft-ietf-sidr-delta- | "RPKI Repository Delta Protocol", draft-ietf-sidr-delta- | |||
| protocol-07 (work in progress), February 2017. | protocol-07 (work in progress), February 2017. | |||
| [I-D.ietf-sidr-publication] | [I-D.ietf-sidr-publication] | |||
| Weiler, S., Sonalker, A., and R. Austein, "A Publication | Weiler, S., Sonalker, A., and R. Austein, "A Publication | |||
| Protocol for the Resource Public Key Infrastructure | Protocol for the Resource Public Key Infrastructure | |||
| (RPKI)", draft-ietf-sidr-publication-10 (work in | (RPKI)", draft-ietf-sidr-publication-11 (work in | |||
| progress), January 2017. | progress), February 2017. | |||
| [RelaxNG] Clark, J., "RELAX NG Compact Syntax", OASIS, November | [RelaxNG] Clark, J., "RELAX NG Compact Syntax", OASIS, November | |||
| 2002, <https://www.oasis-open.org/committees/relax-ng/ | 2002, <https://www.oasis-open.org/committees/relax-ng/ | |||
| compact-20021121.html>. | compact-20021121.html>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", RFC 2119, BCP 14, March 1997. | Requirement Levels", RFC 2119, BCP 14, March 1997. | |||
| [RFC6492] Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A | [RFC6492] Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A | |||
| Protocol for Provisioning Resource Certificates", | Protocol for Provisioning Resource Certificates", | |||
| End of changes. 8 change blocks. | ||||
| 16 lines changed or deleted | 21 lines changed or added | |||
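As an added example (not code from the draft or from any RPKI implementation), the following Python applies the outer-element checks the draft describes to a received message: the `http://www.hactrn.net/uris/rpki/rpki-setup/` namespace, the `version="1"` attribute, the handle syntax of Section 5.1, and the Base64-of-DER encoding of the BPKI certificate. The convention that handle attributes end in `_handle` and certificate elements in `_bpki_ta`, and the sample messages themselves, are assumptions constructed for the example, not taken from this excerpt.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Namespace and version value come from the draft; handle syntax from Section 5.1.
NS = "http://www.hactrn.net/uris/rpki/rpki-setup/"
SUPPORTED_VERSION = "1"
HANDLE_RE = re.compile(r"^[A-Za-z0-9/_-]+$")


def is_valid_handle(value: str) -> bool:
    """Handle: US-ASCII letters, digits and the characters '/', '-', '_'."""
    return bool(HANDLE_RE.match(value))


def looks_like_der_cert(b64_text: str) -> bool:
    """Structural check only: strict Base64 that decodes to something starting
    with a DER SEQUENCE tag (0x30). It is not a substitute for an X.509 parse."""
    try:
        der = base64.b64decode("".join(b64_text.split()), validate=True)
    except ValueError:
        return False
    return len(der) > 2 and der[0] == 0x30


def check_message(xml_text: str) -> list:
    """Return the problems found with the outermost element; [] means it passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if not root.tag.startswith("{" + NS + "}"):
        problems.append(f"unexpected namespace in {root.tag}")
    version = root.get("version")  # a missing attribute is also a version error
    if version != SUPPORTED_VERSION:
        problems.append(f"unsupported version {version!r}")
    for name, value in root.attrib.items():  # assumption: handles end in _handle
        if name.endswith("_handle") and not is_valid_handle(value):
            problems.append(f"bad handle syntax in {name}={value!r}")
    for child in root:  # assumption: BPKI certificate elements end in _bpki_ta
        if child.tag.endswith("_bpki_ta") and not looks_like_der_cert(child.text or ""):
            problems.append(f"{child.tag} is not Base64-encoded DER")
    return problems


# Constructed sample messages; the certificate body is a placeholder, not a real cert.
GOOD_REQUEST = (f'<child_request xmlns="{NS}" version="1" child_handle="Bob">'
                '<child_bpki_ta>MIIBAgIBAA==</child_bpki_ta></child_request>')
BAD_REQUEST = (f'<child_request xmlns="{NS}" version="2" child_handle="Bob Smith">'
               '<child_bpki_ta>MIIBAgIBAA==</child_bpki_ta></child_request>')
```

Because the schema only admits `version="1"`, a schema validator would reject `BAD_REQUEST` too; the explicit check above just gives a more specific error than a generic validation failure.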