At 12:17 AM +0000 4/4/11, George, Wes E [NTK] wrote:
...
> Put another way, a lot of the folks involved in this protocol's
> design and implementation are already intimately familiar with how
> to manage things like ROAs to ensure that the underlying trust of
> the system is not compromised.

A minor point: Certs are issued to represent resource holdings. ROAs are
signed by cert holders to authorize route origination. So, the primary security
concern in the RPKI is making sure that certs are issued to the right entities.

> ...
> So I think that there is a need for a document that covers things
> like identity and authority management, minimum levels of security
> for key management, etc.

The right levels will vary, depending on where one is in the allocation
hierarchy. IANA and RIRs, and NIRs need to be very careful, as they
have the ability to mis-issue certs for very large blocks of
addresses. Big ISPs need to be careful, because they have large
allocations, but not so big as an RIR. Small
ISPs and PI space holders are less of a concern, because the adverse
impact of their mistakes is more limited. So, there is no
one-size-fits-all security best practices model that we can define.

> Basically, if you had to explain to someone how to ensure that the
> ROAs that are being delegated are:

Certs are used to represent delegation, not ROAs.

> 1) Delegated to the right person (right company, and person
> authorized to make the changes within the company)
> 2) Have a reasonable assumption that they will not be
> compromised once delegated (proper key management)
> 3) Methods for managing breaches, either due to failures in #1
> (disgruntled/former employee) or failures in #2
> How would you do it?

If a CA makes an allocation error, it puts the offending certs on its CRL.

> Are there existing documents we can use as a baseline and just fill
> in some of the specific details in the form
> of a few different use cases, such as RIR to primary resource
> holder, resource holder to delegate, etc?

Note that the RPKI CP provides top-level guidance for CA operations
(and RP behavior). More details about what a CA does re security
appear in the CPS for each CA. For example, RIPE's CPS is available
at
http://www.ripe.net/lir-services/resource-management/certification/cps
Steve
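The two points Steve makes above (certs attest resource holdings and ROAs are signed under them; a mis-issued cert is handled by putting it on the issuer's CRL) determine what a relying party must check before trusting a ROA. The following is an added toy model of those relying-party checks, not code from the thread or from any RPKI implementation; it uses an in-memory CRL, a hypothetical CA name "RIR-A", documentation prefixes, and omits signature verification and the full certificate chain.

```python
# Added example: simplified relying-party checks for a ROA, modelled on the
# thread's points. Real RPKI objects are X.509 certs with IP resource
# extensions and CMS-signed ROAs; here both are plain dataclasses.
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass
class Cert:
    serial: int
    issuer: str        # hypothetical CA name (constructed)
    holdings: list     # IPv4 prefixes the cert attests the holder controls


@dataclass
class Roa:
    asn: int
    prefix: str
    max_len: int
    cert: Cert         # end-entity cert the ROA is signed under


def holds(cert, prefix):
    """True if prefix lies inside one of the cert's resource holdings."""
    p = ip_network(prefix)
    return any(p.subnet_of(ip_network(h)) for h in cert.holdings)


def validate_roa(roa, crl):
    """Return (ok, reason). crl maps issuer name -> set of revoked serials."""
    # Mis-issued certs are withdrawn via the issuer's CRL, so check that first.
    if roa.cert.serial in crl.get(roa.cert.issuer, set()):
        return False, "cert revoked by issuer CRL"
    # The ROA may only authorize origination of space the cert actually holds.
    if not holds(roa.cert, roa.prefix):
        return False, "prefix outside cert resource holdings"
    if not ip_network(roa.prefix).prefixlen <= roa.max_len <= 32:
        return False, "invalid maxLength"
    return True, "valid"


# Constructed sample data: one cert from hypothetical CA "RIR-A" and two ROAs.
RIR_CERT = Cert(serial=1001, issuer="RIR-A", holdings=["192.0.2.0/24", "203.0.113.0/24"])
ROA_OK = Roa(asn=64496, prefix="192.0.2.0/24", max_len=24, cert=RIR_CERT)
ROA_OUTSIDE = Roa(asn=64496, prefix="198.51.100.0/24", max_len=24, cert=RIR_CERT)
CRL = {"RIR-A": {2002}}   # serial 2002 revoked; 1001 still in good standing


def demo():
    """Run the three cases: valid, prefix not held, cert revoked."""
    return {
        "ok": validate_roa(ROA_OK, CRL),
        "outside": validate_roa(ROA_OUTSIDE, CRL),
        "revoked": validate_roa(ROA_OK, {"RIR-A": {1001}}),
    }
```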
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr