On 18/07/11 12:53 AM, "Rob Austein" <[email protected]> wrote:

> This draft defines the mappings from filename extension (.cer, .roa,
> .crl, etc) to ASN.1 object type (X.509 certificate, ROA, CRL, etc).
> 
> Without this mapping, relying party tools have no way of knowing what
> they're looking at in most cases, and would have to attempt to decode
> every object in various ways to see which (if any) worked.  This would
> be tedious, error prone, and generally a bad idea.
> 

This actually makes me wonder why the manifest
(draft-ietf-sidr-rpki-manifests) in:

FileAndHash ::=     SEQUENCE {
      file            IA5String,
      hash            BIT STRING
      }

doesn't have an RPKIObjectIdentifier that tells the relying party what the
object it has just retrieved is in terms of ROA/CERT/etc, as a signed
attestation.

(and then an appropriate IANA registry for RPKIObjectIdentifier could then
be created and populated as a standards track)

If repos-struct was standards track and the naming scheme was the prime
mapping system, then if an RPKI repository publication [1] point is
compromised (or even MiTM!) it would be a trivial exercise to perform some
substitutions on the filename to confuse (routing security downgrade DoS)
the relying party.

[1] Remember that the publication point is _just_ an rsync server (at this
stage).

Cheers
Terry

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
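
Added example, not part of the original message or of any relying-party tool: a relying-party cross-check of fetched files against the manifest's signed FileAndHash entries, in which a renamed file surfaces as one missing entry plus one unlisted file. It assumes an already signature-validated manifest, SHA-256 hashes modelled as hex strings, and constructed sample data; all function and variable names are hypothetical.

```python
import hashlib
import os

# Extension-to-type mapping for the extensions named in the thread.
EXT_TYPES = {".cer": "X.509 certificate", ".roa": "ROA", ".crl": "CRL"}


def sha256_hex(data: bytes) -> str:
    # Assumption: manifest hashes are SHA-256, shown here as hex strings.
    return hashlib.sha256(data).hexdigest()


def check_publication_point(manifest, fetched):
    """Compare fetched files with manifest entries.

    manifest: list of (file, hash_hex) pairs modelling FileAndHash entries
              taken from a manifest whose signature was already verified.
    fetched:  dict of filename -> bytes as retrieved from the rsync server.
    Returns:  dict of filename -> (status, object_type).
    """
    listed = dict(manifest)
    report = {}
    for name, expected in listed.items():
        obj_type = EXT_TYPES.get(os.path.splitext(name)[1], "unknown")
        if name not in fetched:
            report[name] = ("missing", obj_type)
        elif sha256_hex(fetched[name]) != expected:
            report[name] = ("hash-mismatch", obj_type)
        else:
            report[name] = ("ok", obj_type)
    # Files the signed manifest never mentioned get no type at all: the
    # extension of an unlisted file is not trusted for decoding.
    for name in fetched:
        if name not in listed:
            report[name] = ("not-in-manifest", None)
    return report


# Constructed sample data (not real RPKI objects).
ROA = b"constructed ROA bytes"
CRL = b"constructed CRL bytes"
MANIFEST = [("example.roa", sha256_hex(ROA)), ("example.crl", sha256_hex(CRL))]

# The publication point served the ROA under a .cer name.
RENAMED = {"example.cer": ROA, "example.crl": CRL}

if __name__ == "__main__":
    for fname, result in sorted(check_publication_point(MANIFEST, RENAMED).items()):
        print(fname, result)
```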