draft-ietf-sidr-publication-00.txt   draft-ietf-sidr-publication-01.txt 
Network Working Group S. Weiler Network Working Group S. Weiler
Internet-Draft A. Sonalker Internet-Draft A. Sonalker
Intended status: Standards Track SPARTA, Inc. Intended status: Standards Track SPARTA, Inc.
Expires: April 21, 2011 October 18, 2010 Expires: January 12, 2012 R. Austein
ISC
July 11, 2011
A Publication Protocol for the Resource Public Key Infrastructure (RPKI) A Publication Protocol for the Resource Public Key Infrastructure (RPKI)
draft-ietf-sidr-publication-00 draft-ietf-sidr-publication-01
Abstract Abstract
This document defines a protocol for publishing Resource Public Key This document defines a protocol for publishing Resource Public Key
Infrastructure (RPKI) objects. Even though the RPKI will have many Infrastructure (RPKI) objects. Even though the RPKI will have many
participants issuing certificates and creating other objects, it is participants issuing certificates and creating other objects, it is
operationally useful to consolidate the publication of those objects. operationally useful to consolidate the publication of those objects.
This document provides the protocol for that. This document provides the protocol for doing so.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2011. This Internet-Draft will expire on January 12, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Context . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Context . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Protocol Specification . . . . . . . . . . . . . . . . . . . . 4 3. Protocol Specification . . . . . . . . . . . . . . . . . . . . 4
3.1. Common Details . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Common Details . . . . . . . . . . . . . . . . . . . . . . 4
3.1.1. Common XML Message Format . . . . . . . . . . . . . . 4 3.1.1. Common XML Message Format . . . . . . . . . . . . . . 4
3.2. Control Protocol . . . . . . . . . . . . . . . . . . . . . 5 3.2. Control Sub-Protocol . . . . . . . . . . . . . . . . . . . 5
3.2.1. Config Object . . . . . . . . . . . . . . . . . . . . 5 3.2.1. Config Object . . . . . . . . . . . . . . . . . . . . 5
3.2.2. Client Object . . . . . . . . . . . . . . . . . . . . 5 3.2.2. Client Object . . . . . . . . . . . . . . . . . . . . 5
3.3. Publication Protocol . . . . . . . . . . . . . . . . . . . 6 3.3. Publication Sub-Protocol . . . . . . . . . . . . . . . . . 6
3.4. Error handling . . . . . . . . . . . . . . . . . . . . . . 6 3.4. Error handling . . . . . . . . . . . . . . . . . . . . . . 7
3.5. XML Schema . . . . . . . . . . . . . . . . . . . . . . . . 7 3.5. XML Schema . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Operational Considerations . . . . . . . . . . . . . . . . . . 10 4. Operational Considerations . . . . . . . . . . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7.1. Normative References . . . . . . . . . . . . . . . . . . . 10 7.1. Normative References . . . . . . . . . . . . . . . . . . . 10
7.2. Informative References . . . . . . . . . . . . . . . . . . 11 7.2. Informative References . . . . . . . . . . . . . . . . . . 10
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
This document assumes a working knowledge of the Resource Public Key This document assumes a working knowledge of the Resource Public Key
Infrastructure (RPKI), which is intended to support improved routing Infrastructure (RPKI), which is intended to support improved routing
security on the Internet. [I-D.ietf-sidr-arch] security on the Internet. [I-D.ietf-sidr-arch]
In order to make participation in the RPKI easier, it is helpful to In order to make participation in the RPKI easier, it is helpful to
have a few consolidated repositories for RPKI objects, thus saving have a few consolidated repositories for RPKI objects, thus saving
every participant from the cost of maintaining a new service. every participant from the cost of maintaining a new service.
Similarly, clients using the RPKI objects will find it faster and Similarly, relying parties using the RPKI objects will find it faster
more reliable to retrieve the necessary set from a smaller number of and more reliable to retrieve the necessary set from a smaller number
repositories. of repositories.
These consolidated RPKI object repositories will in many cases be These consolidated RPKI object repositories will in many cases be
outside the administrative scope of the organization issuing a given outside the administrative scope of the organization issuing a given
RPKI object. Hence the need for a protocol to publish RPKI objects. RPKI object. Hence the need for a protocol to publish RPKI objects.
This document defines the RPKI publication protocol, including a sub- This document defines the RPKI publication protocol, including a sub-
protocol for configuring the publication engine. protocol for configuring the publication engine.
1.1. Terminology 1.1. Terminology
skipping to change at page 3, line 45 skipping to change at page 3, line 45
"Business Public Key Infrastructure" ("Business PKI" or "BPKI") "Business Public Key Infrastructure" ("Business PKI" or "BPKI")
refers to a PKI, separate from the RPKI, used to authenticate clients refers to a PKI, separate from the RPKI, used to authenticate clients
to the publication engine. to the publication engine.
2. Context 2. Context
This protocol was designed specifically for the case where an This protocol was designed specifically for the case where an
internet registry, already issuing RPKI certificates to its children, internet registry, already issuing RPKI certificates to its children,
also wishes to run a publication service for its children. also wishes to run a publication service for its children.
We use the term "Business PKI" here to suggest that an internet We use the term "Business PKI" here because an internet registry
registry might already have a PKI, separate from the RPKI, for might already have a PKI, separate from the RPKI, for authenticating
authenticating its clients and might wish to reuse that PKI for this its clients and might wish to reuse that PKI for this protocol. Such
protocol. Such reuse is not a requirement. reuse is not a requirement.
3. Protocol Specification 3. Protocol Specification
In summary, the publication protocol uses XML messages wrapped in In summary, the publication protocol uses XML messages wrapped in
CMS, carried over HTTP transport. CMS, carried over HTTP transport.
The publication procotol consists of two separate subprotocols. The The publication procotol consists of two separate subprotocols. The
first is a control protocol used to configure a publication engine. first is a control protocol used to configure a publication engine.
The second subprotocol, which we refer to by the overloaded term The second subprotocol, which we refer to by the overloaded term
"publication protocol", is used to request publication of specific "publication protocol", is used to request publication of specific
objects. The publication engine operates a single HTTP server on a objects. The publication engine operates a single HTTP server on a
single port. It distinguishes between the two protocols by using single port. It distinguishes between the two protocols by using
different URLs for them. different URLs for them.
3.1. Common Details 3.1. Common Details
This section discusses details that the two subprotocols have in This section discusses details that the two subprotocols have in
common, including the transport and CMS wrappers. This portion of common, including the transport and CMS wrappers.
the protocol is largely inherited from the provisioning protocol
([I-D.ietf-sidr-rescerts-provisioning]).
Both protocols use a simple request/response interaction. The client Both protocols use a simple request/response interaction. The client
passes a request to the server, and the server generates a passes a request to the server, and the server generates a
corresponding response. A message exchange commences with the client corresponding response.
initiating an HTTP POST with content type of "application/x-rpki",
with the message object as the body. The server's response will
similarly be the body of the response with a content type of
"application/x-rpki".
The content of the POST, and the server's response, will be a well- A message exchange commences with the client initiating an HTTP POST
with content type of "application/rpki-publication", with the message
object as the body. The server's response will similarly be the body
of the response with a content type of "application/
rpki-publication".
The content of the POST and the server's response will be a well-
formed Cryptographic Message Syntax (CMS) [RFC5652] object with OID = formed Cryptographic Message Syntax (CMS) [RFC5652] object with OID =
1.2.840.113549.1.7.2 as described in Section 3.1 of 1.2.840.113549.1.7.2 as described in Section 3.1 of
[I-D.ietf-sidr-rescerts-provisioning]. [I-D.ietf-sidr-rescerts-provisioning].
3.1.1. Common XML Message Format 3.1.1. Common XML Message Format
The publication protocol uses the same message passing design as the The XML schema for this protocol (including both subprotocols) is
provisioning protocol. The XML schema for this protocol (including below in Section 3.5. Both subprotocols use the same basic XML
both subprotocols) is below in Section 3.5. Both subprotocols use message format, which looks like:
the same basic XML message format, which looks like:
<?xml version='1.0' encoding='us-ascii'?> <?xml version='1.0' encoding='us-ascii'?>
<msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/" <msg xmlns="http://www.hactrn.net/uris/rpki/publication-spec/"
version="1" version="2"
type="message type"> type="message type">
[one or more PDUs] [one or more PDUs]
</msg> </msg>
version:
The value of this attribute is the version of this protocol.
This document describes version 1.
type: version:
The possible values of this attribute are "reply" and "query". The value of this attribute is the version of this protocol.
This document describes version 2.
3.2. Control Protocol type:
The possible values of this attribute are "reply" and "query".
The control protocol is used to configure a publication server. It A query PDU may be one of four types: config_query, client_query,
can set global variables (at the moment, limited to a BPKI CRL) and publish_query, or withdraw_query. The first two are used by the
manage clients who are allowed to publish data on the server. control sub-protocol, the latter two by the publication sub-protocol.
The control protocol has two objects: the <config/> object, and the A reply PDU may be one of five types: config_reply, client_reply,
<client/> object. publish_reply, withdraw_reply, or report_error_reply.
Each of these PDUs may include an optional tag to facilitate bulk
operation. If a tag is set in a query PDU, the corresponding
reply(s) MUST have the tag attribute set to the same value.
3.2. Control Sub-Protocol
The control sub-protocol is used to configure a publication server.
It can set global variables (at the moment, limited to a BPKI CRL)
and manage clients who are allowed to publish data on the server.
3.2.1. Config Object 3.2.1. Config Object
The <config/> object allows configuration of data that apply to the The <config/> object allows configuration of data that apply to the
entire publication server rather than a particular client. There is entire publication server rather than a particular client. There is
exactly one <config/> object in the publication server, and it only exactly one <config/> object in the publication server, and it only
supports the "set" and "get" actions -- it cannot be created or supports the "set" and "get" actions -- it cannot be created or
destroyed. destroyed. Its use is typically restricted to the repository
operator.
The <config/> object only has one data element that can be set: the The <config/> object only has one data element that can be set: the
bpki_crl. This is used by the publication server when authenticating bpki_crl. This is used by the publication server when authenticating
clients. clients.
3.2.2. Client Object 3.2.2. Client Object
Unlike the <config/> object the <client/> object represents one Unlike the <config/> object, the <client/> object represents one
client authorized to use the publication server. client authorized to use the publication server. There may well be
more than one <client/> object on each publication server. Again,
its use is typically restricted to the respository operator.
The <client/> object supports five actions: "create", "set", "get", The <client/> object supports five actions: "create", "set", "get",
"list", and "destroy". Each client has a "client_handle" attribute, "list", and "destroy". Each client has a "client_handle" attribute,
which is used in responses and must be specified in "create", "set", which is used in responses and must be specified in "create", "set",
"get", or "destroy" actions. "get", or "destroy" actions.
Payload data which can be configured in a <client/> object include: Payload data which can be configured in a <client/> object include:
o base_uri (attribute): This attribute represents the base URI below o base_uri (attribute): This attribute represents the base URI below
which the client will be allowed to publish data. Additional which the client will be allowed to publish data. Additional
constraints may be imposed by the Publication Server in certain constraints may be imposed by the publication server in certain
cases, for e.g., a child publishing directly under its parent. cases, for e.g., a child publishing directly under its parent.
o bpki_cert (element): This represents the X509 BPKI CA certificate
o bpki_cert (element): This represents the X.509 BPKI CA certificate
for this client. This should be used as part of the certificate for this client. This should be used as part of the certificate
chain when validating incoming TLS and CMS messages. Two valid chain when validating incoming CMS messages. Two valid approaches
approaches exist. If the optional bpki_glue certificate is being exist. If the optional bpki_glue certificate is being used, then
used, then the bpki_cert certificate should be issued by the the bpki_cert certificate should be issued by the bpki_glue
bpki_glue certificate; otherwise, the bpki_cert certificate should certificate; otherwise, the bpki_cert certificate should be issued
be issued by the publication engine's bpki_ta certificate. by the publication engine's bpki_ta certificate.
o bpki_glue (element): This is an additional (optional) type of X509
certificate for this client. It may be used in certain o bpki_glue (element): This is an additional (optional) type of
X.509 certificate for this client. It may be used in certain
pathological cross-certification cases which require a two- pathological cross-certification cases which require a two-
certificate chain due to issuer name conflicts. When being used, certificate chain due to issuer name conflicts. When being used,
issuing order is that the bpki_glue certificate should be the issuing order is that the bpki_glue certificate should be the
issuer of the bpki_cert certificate. Otherwise, it should be issuer of the bpki_cert certificate. Otherwise, it should be
issued by the publication engine's bpki_ta certificate. Since issued by the publication engine's bpki_ta certificate. Since
this is an optional use certificate, it may be left unset if not this is an optional use certificate, it may be left unset if not
needed. needed.
3.3. Publication Protocol 3.3. Publication Sub-Protocol
The publication protocol is structured differently from the control The sub-publication protocol requests publication or withdrawal from
protocol in that objects in the publication protocol represent publication of RPKI objects.
objects to be published or objects to be withdrawn from publication.
Each kind of object supports two actions: "publish" and "withdraw". The publication protocol uses a common message format to request
In each case the XML element representing the object to be published publication of any RPKI object. This format was chosen specifically
or withdrawn has a "uri" attribute which contains the publication to allow this protocol to accommodate new types of RPKI objects
URI. For "publish" actions, the XML element body contains the DER without needing changes to this protocol.
object to be published, encoded in Base64; for "withdraw" actions,
the XML element body is empty.
The publication protocol uses four types of objects: Both the <publish/> and <withdraw/> objects have a payload of an
o Certificate Object: The <certificate/> object represents an RPKI optional tag and a URI. The <publish/> query also contains the DER
certificate to be published or withdrawn. object to be published, encoded in Base64.
o CRL Object: The <crl/> object represents an RPKI CRL to be
published or withdrawn.
o Manifest Object: The <manifest/> object represents an RPKI
publication manifest to be published or withdrawn. See
[I-D.ietf-sidr-rpki-manifests] for more information on manifests.
o ROA Object: The <roa/> object represents a ROA to be published or
withdrawn. See [I-D.ietf-sidr-roa-format] for more information on
ROAs.
Note that every publication or withdrawal action requires a new Note that every publish and withdraw action requires a new manifest,
manifest, thus every publication or withdrawal action will involve at thus every publish or withdraw action will involve at least two
least two objects. objects.
3.4. Error handling 3.4. Error handling
Errors are handled similarly in both subprotocols, and they're Errors are handled similarly in both subprotocols, and they're
handled at two levels. handled at two levels.
Since all messages in this protocol are conveyed over HTTP Since all messages in this protocol are conveyed over HTTP
connections, basic errors are indicated via the HTTP response code. connections, basic errors are indicated via the HTTP response code.
4xx and 5xx responses indicate that something bad happened. Errors 4xx and 5xx responses indicate that something bad happened. Errors
that make it impossible to decode a query or encode a response are that make it impossible to decode a query or encode a response are
handled in this way. handled in this way.
Where possible, errors will result in an XML <report_error/> message Where possible, errors will result in an XML <report_error/> message
which takes the place of the expected protocol response message. which takes the place of the expected protocol response message.
<report_error/> messages are CMS-signed XML messages like the rest of <report_error/> messages are CMS-signed XML messages like the rest of
this protocol, and thus can be archived to provide an audit trail. this protocol, and thus can be archived to provide an audit trail.
<report_error/> messages only appear in replies, never in queries. <report_error/> messages only appear in replies, never in queries.
skipping to change at page 7, line 18 skipping to change at page 7, line 27
Where possible, errors will result in an XML <report_error/> message Where possible, errors will result in an XML <report_error/> message
which takes the place of the expected protocol response message. which takes the place of the expected protocol response message.
<report_error/> messages are CMS-signed XML messages like the rest of <report_error/> messages are CMS-signed XML messages like the rest of
this protocol, and thus can be archived to provide an audit trail. this protocol, and thus can be archived to provide an audit trail.
<report_error/> messages only appear in replies, never in queries. <report_error/> messages only appear in replies, never in queries.
The <report_error/> message can appear in both the control and The <report_error/> message can appear in both the control and
publication subprotocols. publication subprotocols.
The <report_error/> message includes an optional "tag" attribute to Like all other messages in this protocol, the <report_error/> message
assist in matching the error with a particular query when using includes a "tag" attribute to assist in matching the error with a
batching. particular query when using batching. It is optional to set the tag
on queries but, if set on the query, it MUST be set on the reply or
error.
The error itself is conveyed in the error_code (attribute). The The error itself is conveyed in the error_code (attribute). The
value of this attribute is a token indicating the specific error that value of this attribute is a token indicating the specific error that
occurred. [TODO: define these tokens] occurred.
The body of the <report_error/> element itself is an optional text The body of the <report_error/> element itself is an optional text
string; if present, this is debugging information. At present this string; if present, this is debugging information.
capabilty is not used, debugging information goes to syslog.
3.5. XML Schema 3.5. XML Schema
The following is a RelaxNG compact form schema describing the The following is a RelaxNG compact form schema describing the
Publication Protocol. Publication Protocol.
default namespace = "http://www.hactrn.net/uris/rpki/publication-spec/" default namespace = "http://www.hactrn.net/uris/rpki/publication-spec/"
# Top level PDU # Top level PDU
start = element msg {
start = element msg { attribute version { xsd:positiveInteger { attribute version { "2" } ,
maxInclusive="1" } }, ((attribute type { "query" }, query_elt*) | ( ( attribute type { "query" }, query_elt*) |
(attribute type { "reply" }, reply_elt*)) } (attribute type { "reply" }, reply_elt*))
}
# PDUs allowed in a query # PDUs allowed in a query
query_elt = ( config_query | client_query | certificate_query | query_elt = ( config_query | client_query | publish_query |
crl_query | manifest_query | roa_query ) withdraw_query )
# PDUs allowed in a reply # PDUs allowed in a reply
reply_elt = ( config_reply | client_reply | certificate_reply | reply_elt = ( config_reply | client_reply | publish_reply |
crl_reply | manifest_reply | roa_reply | report_error_reply ) withdraw_reply | report_error_reply )
# Tag attributes for bulk operations # Tag attributes for bulk operations
tag = attribute tag { xsd:token {maxLength="1024" } } tag = attribute tag { xsd:token {maxLength="1024" } }
# Base64 encoded DER stuff # Base64 encoded DER stuff
base64 = xsd:base64Binary { maxLength="512000" } base64 = xsd:base64Binary
# Publication URLs # Publication URLs
uri_t = xsd:anyURI { maxLength="4096" } uri_t = xsd:anyURI { maxLength="4096" }
uri = attribute uri { uri_t } uri = attribute uri { uri_t }
# Handles on remote objects (replaces passing raw SQL IDs). NB: # Handles on remote objects (replaces passing raw SQL IDs). NB:
# Unlike the up-down protocol, handles in this protocol allow "/" as a # Unlike the up-down protocol, handles in this protocol allow
# hierarchy delimiter. # "/" as a hierarchy delimiter.
object_handle = xsd:string { maxLength="255" pattern="[\-_A-Za-z0-9/]*" } object_handle = xsd:string {
maxLength="255" pattern="[\-_A-Za-z0-9/]*" }
# <config/> element (use restricted to repository operator) # <config/> element (use restricted to repository operator)
# config_handle attribute, create, list, and destroy commands omitted # config_handle attribute: create, list, and destroy commands
# deliberately, see code for details # omitted deliberately.
config_payload = (element bpki_crl { base64 }?) config_payload = (element bpki_crl { base64 }?)
config_query |= element config { attribute action { "set" }, tag?, config_query |= element config { attribute action { "set" }, tag?,
config_payload } config_payload }
config_reply |= element config { attribute action { "set" }, tag? } config_reply |= element config { attribute action { "set" }, tag? }
config_query |= element config { attribute action { "get" }, tag? } config_query |= element config { attribute action { "get" }, tag? }
config_reply |= element config { attribute action { "get" }, tag?, config_reply |= element config { attribute action { "get" }, tag?,
config_payload } config_payload }
# <client/> element (use restricted to repository operator) # <client/> element (use restricted to repository operator)
client_handle = attribute client_handle { object_handle } client_handle = attribute client_handle { object_handle }
client_payload = (attribute base_uri { uri_t }?, element bpki_cert { client_payload = (attribute base_uri { uri_t }?, element bpki_cert {
base64 }?, element bpki_glue { base64 }?) base64 }?, element bpki_glue { base64 }?)
client_query |= element client { attribute action { "create" },
client_query |= element client { attribute action { "create" }, tag?, tag?, client_handle, client_payload }
client_handle, client_payload } client_reply |= element client { attribute action { "create" },
client_reply |= element client { attribute action { "create" }, tag?, tag?, client_handle }
client_handle }
client_query |= element client { attribute action { "set" }, tag?, client_query |= element client { attribute action { "set" }, tag?,
client_handle, client_payload } client_handle, client_payload }
client_reply |= element client { attribute action { "set" }, tag?, client_reply |= element client { attribute action { "set" }, tag?,
client_handle } client_handle }
client_query |= element client { attribute action { "get" }, tag?, client_query |= element client { attribute action { "get" }, tag?,
client_handle } client_handle }
client_reply |= element client { attribute action { "get" }, tag?, client_reply |= element client { attribute action { "get" }, tag?,
client_handle, client_payload } client_handle, client_payload }
client_query |= element client { attribute action { "list" }, tag? } client_query |= element client { attribute action { "list" }, tag? }
client_reply |= element client { attribute action { "list" }, tag?, client_reply |= element client { attribute action { "list" }, tag?,
client_handle, client_payload } client_handle, client_payload }
client_query |= element client { attribute action { "destroy" }, tag?, client_query |= element client { attribute action { "destroy" },
client_handle } tag?, client_handle }
client_reply |= element client { attribute action { "destroy" }, tag?, client_reply |= element client { attribute action { "destroy" },
client_handle } tag?, client_handle }
# <certificate/> element
certificate_query |= element certificate { attribute action {
"publish" }, tag?, uri, base64 }
certificate_reply |= element certificate { attribute action {
"publish" }, tag?, uri }
certificate_query |= element certificate { attribute action {
"withdraw" }, tag?, uri }
certificate_reply |= element certificate { attribute action {
"withdraw" }, tag?, uri }
# <crl/> element
crl_query |= element crl { attribute action { "publish" }, tag?, uri,
base64 }
crl_reply |= element crl { attribute action { "publish" }, tag?, uri }
crl_query |= element crl { attribute action { "withdraw" }, tag?, uri }
crl_reply |= element crl { attribute action { "withdraw" }, tag?, uri }
# <manifest/> element
manifest_query |= element manifest { attribute action { "publish" },
tag?, uri, base64 }
manifest_reply |= element manifest { attribute action { "publish" },
tag?, uri }
manifest_query |= element manifest { attribute action { "withdraw" },
tag?, uri }
manifest_reply |= element manifest { attribute action { "withdraw" },
tag?, uri }
# <roa/> element # <publish/> element
publish_query |= element publish { tag?, uri, base64 }
publish_reply |= element publish { tag?, uri }
roa_query |= element roa { attribute action { "publish" }, tag?, uri, # <withdraw/> element
base64 } withdraw_query |= element withdraw { tag?, uri }
roa_reply |= element roa { attribute action { "publish" }, tag?, uri } withdraw_reply |= element withdraw { tag?, uri }
roa_query |= element roa { attribute action { "withdraw" }, tag?, uri }
roa_reply |= element roa { attribute action { "withdraw" }, tag?, uri }
# <report_error/> element # <report_error/> element
error = xsd:token { maxLength="1024" } error = xsd:token { maxLength="1024" }
report_error_reply = element report_error { report_error_reply = element report_error {
tag?, tag?,
attribute error_code { error }, attribute error_code { error },
xsd:string { maxLength="512000" }? xsd:string { maxLength="512000" }?
} }
4. Operational Considerations 4. Operational Considerations
Placeholder section to talk about nesting children under parents in Placeholder section to talk about nesting children under parents in
the sameso repository, to allow for a single rsync to fetch both the same repository, to allow for a single rsync to fetch both
(observing that the rsync setup times tends to dominate over the sync (observing that the rsync setup times tends to dominate over the sync
time). And, more distressingly, talk about the access control time). And, more distressingly, talk about the access control
impacts of that nesting. impacts of that nesting.
5. IANA Considerations 5. IANA Considerations
This document specifies no IANA Actions. IANA is asked to register the application/rpki-publication MIME media
type as follows:
MIME media type name: application
MIME subtype name: rpki-publication
Required parameters: None
Optional parameters: None
Encoding considerations: binary
Security considerations: Carries an RPKI Publication Protocol
Message, as defined in this document.
Interoperability considerations: None
Published specification: This document
Applications which use this media type: HTTP
Additional information:
Magic number(s): None
File extension(s):
Macintosh File Type Code(s):
Person & email address to contact for further information:
Rob Austein <sra@isc.org>
Intended usage: COMMON
Author/Change controller: Rob Austein <sra@isc.org>
6. Security Considerations 6. Security Considerations
7. References 7. References
7.1. Normative References 7.1. Normative References
[I-D.ietf-sidr-res-certs]
Huston, G., Michaelson, G., and R. Loomans, "A Profile for
X.509 PKIX Resource Certificates",
draft-ietf-sidr-res-certs-19 (work in progress),
October 2010.
[I-D.ietf-sidr-rescerts-provisioning] [I-D.ietf-sidr-rescerts-provisioning]
Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A
Protocol for Provisioning Resource Certificates", Protocol for Provisioning Resource Certificates",
draft-ietf-sidr-rescerts-provisioning-07 (work in draft-ietf-sidr-rescerts-provisioning-10 (work in
progress), October 2010. progress), June 2011.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
RFC 5652, September 2009. RFC 5652, September 2009.
[X.690] Postel, J., "ITU-T Recommendation X.690: ISO/IEC 8825-
1:2002, Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules
(DER)", 2002.
7.2. Informative References 7.2. Informative References
[I-D.ietf-sidr-arch] [I-D.ietf-sidr-arch]
Lepinski, M. and S. Kent, "An Infrastructure to Support Lepinski, M. and S. Kent, "An Infrastructure to Support
Secure Internet Routing", draft-ietf-sidr-arch-11 (work in Secure Internet Routing", draft-ietf-sidr-arch-13 (work in
progress), September 2010. progress), May 2011.
[I-D.ietf-sidr-roa-format]
Lepinski, M., Kent, S., and D. Kong, "A Profile for Route
Origin Authorizations (ROAs)",
draft-ietf-sidr-roa-format-07 (work in progress),
July 2010.
[I-D.ietf-sidr-rpki-manifests]
Austein, R., Huston, G., Kent, S., and M. Lepinski,
"Manifests for the Resource Public Key Infrastructure",
draft-ietf-sidr-rpki-manifests-08 (work in progress),
October 2010.
Appendix A. Acknowledgments
We acknowledge the editors of [I-D.ietf-sidr-rescerts-provisioning]
(Geoff Huston, Robert Loomans, Byron Ellacott, and Rob Austein), from
whom we took some of the text for this document.
We especially thank Rob Austein, who implemented the publication
protocol and helped us to understand it.
Authors' Addresses Authors' Addresses
Samuel Weiler Samuel Weiler
SPARTA, Inc. SPARTA, Inc.
7110 Samuel Morse Drive 7110 Samuel Morse Drive
Columbia, Maryland 21046 Columbia, Maryland 21046
US US
Email: weiler@sparta.com Email: weiler@tislabs.com
Anuja Sonalker Anuja Sonalker
SPARTA, Inc. SPARTA, Inc.
7110 Samuel Morse Drive 7110 Samuel Morse Drive
Columbia, Maryland 21046 Columbia, Maryland 21046
US US
Email: Anuja.Sonalker@sparta.com Email: Anuja.Sonalker@sparta.com
Rob Austein
ISC
950 Charter Street
Redwood City, CA 94063
USA
Email: sra@isc.org
 End of changes. 60 change blocks. 
211 lines changed or deleted 156 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/