At 9:27 AM -0400 7/21/10, David A. Cooper wrote:
> Steve,
> draft-ietf-sidr-res-certs-18 only calls for two CRL extensions:
> authorityKeyIdentifier and cRLNumber. But even if it did call for
> inclusion of an issuingDistributionPoint extension, what is the
> compelling reason to mandate that the RPKI be designed in a manner
> that is not X.509-compliant? Why take that risk when the problem
> could so easily be avoided?
You are right about the RPKI CRL extensions; I misread the CRLDP text.
We disagree on your notion of what is and is not X.509 compliant, and
further discussion here is not likely to change that.
Nonetheless, the fundamental issue here is that an assumption of name
uniqueness for CAs in a PKI cannot be a viable basis for security.
Even if a PKI "mandates" such uniqueness, the mandate cannot be
enforced in the face of a malicious CA, since that CA can generate a
subordinate CA with any name it wishes. The RPKI will have about 30K
CAs, distributed around the world. Some will be in countries where,
today, local authorities fail to address well-documented, repeated
incidents of "bad" Internet behavior by identified actors. Thus it
would be unwise to have the security of the RPKI rest on the
assumption of CA name uniqueness.
The security requirement for CRLs in the RPKI is that the key used to
verify the CRL has to be the same as the key used to verify certs
issued by the CA in question. Adding the CRLDP URI to the CRL would
minimize the likelihood of a non-malicious name collision, but it is
not a secure basis for deciding whether an RP is using the "right"
CRL.
Steve
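The relying-party check Steve describes, as an added example (not code from the thread or from any RPKI implementation): two constructed CAs share the subject name "CA-1" but hold different keys, and a CRL is accepted only if its signature verifies under the key of the CA whose certificates are being checked. Go's standard crypto/x509 is assumed; the CA names, the `must` helper and the `crlBoundToCA` function are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must aborts on any error while building the constructed test PKI.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA builds a self-signed CA certificate (constructed test data). Two CAs can
// share a subject name, but each has its own key; the name itself binds nothing.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// newCRL issues an empty CRL signed by the CA's key; Go adds the
// authorityKeyIdentifier and cRLNumber extensions, the two the RPKI profile calls for.
func newCRL(ca *x509.Certificate, key *ecdsa.PrivateKey) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: time.Now().Add(-time.Hour), NextUpdate: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateRevocationList(rand.Reader, tmpl, ca, key))
	return must(x509.ParseRevocationList(der))
}

// crlBoundToCA is the RP check the mail describes: the CRL signature must verify
// under the key of the CA whose certificates are being checked. The issuer name
// and any CRLDP URI are not consulted, so a second CA reusing the name gains nothing.
func crlBoundToCA(crl *x509.RevocationList, ca *x509.Certificate) bool {
	return crl.CheckSignatureFrom(ca) == nil
}
```

A CRL whose issuer name matches but whose signature was made with a different key fails `crlBoundToCA`, which is exactly the property name uniqueness alone cannot provide.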
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr