rfcdiff comparison: draft-ietf-sidr-publication-11.txt (old) vs. draft-ietf-sidr-publication-12.txt (new)
Text common to both versions is shown once; where the versions differ, the old and new text are labelled "-11:" and "-12:".

Network Working Group                                          S. Weiler
Internet-Draft                                                 W3C / MIT
Intended status: Standards Track                             A. Sonalker
Expires: -11: August 21, 2017 / -12: September 12, 2017         TowerSec
                                                              R. Austein
                                                    Dragon Research Labs
                                -11: February 17, 2017 / -12: March 11, 2017

   A Publication Protocol for the Resource Public Key Infrastructure (RPKI)
           -11: draft-ietf-sidr-publication-11 / -12: draft-ietf-sidr-publication-12
Abstract

   This document defines a protocol for publishing Resource Public Key
   Infrastructure (RPKI) objects.  Even though the RPKI will have many
   participants issuing certificates and creating other objects, it is
   operationally useful to consolidate the publication of those objects.
   Even in cases where a certificate issuer runs their own publication
   repository, it can be useful to run the certificate engine itself on
   a different machine from the publication repository.  This document

skipping to change at page 1, line 40

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   -11: This Internet-Draft will expire on August 21, 2017.
   -12: This Internet-Draft will expire on September 12, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
skipping to change at page 5, line 19

   "Business Public Key Infrastructure" ("Business PKI" or "BPKI")
   refers to a PKI, separate from the RPKI, used to authenticate clients
   to the publication engine.  We use the term "Business PKI" here
   because an Internet registry might already have a PKI for
   authenticating its clients and might wish to reuse that PKI for this
   protocol.  There is, however, no requirement to reuse such a PKI.

2.  Protocol Specification

   The publication protocol uses XML ([XML]) messages wrapped in signed
   CMS messages, carried over HTTP transport (-11: [RFC2616] / -12:
   [RFC7230]).  The CMS encapsulation is identical to that used in
   [RFC6492], section 3.1 and subsections.

   The publication protocol uses a simple request/response interaction.
   The client passes a request to the server, and the server generates a
   corresponding response.

   A message exchange commences with the client initiating an HTTP POST
   with content type of "application/rpki-publication", with the message
   object as the body.  The server's response will similarly be the body

skipping to change at page 6, line 52

   tagging MAY use any syntactically legal value, including simply using
   the empty string for all tag fields.

   This document describes version 4 of this protocol.  An
   implementation which understands only this version of the protocol
   MUST reject messages with a different protocol version attribute,
   signalling the error as described in Section 2.4.  Since "4" is
   currently the only value allowed for the version attribute in the
   schema (Section 2.6), an incorrect protocol version can be detected
   either by checking the version attribute directly or as a schema
   validation error.
   -12 adds: Any future update to this protocol which is either
   syntactically or semantically incompatible with the current version
   will need to increment the protocol version number.

2.2.  Publication and Withdrawal

   The publication protocol uses a common message format to request
   publication of any RPKI object.  This format was chosen specifically
   to allow this protocol to accommodate new types of RPKI objects
   without needing changes to this protocol.

   Both the <publish/> and <withdraw/> PDUs have a payload of a tag and
   an rsync URI ([RFC3986], [RFC5781]).  The <publish/> query also
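A server-side check of the two rules the excerpt states (reject any protocol version other than "4", and require a tag plus an rsync URI on every <publish/> and <withdraw/> PDU), as an added Python example that is not part of the draft or of any implementation it describes. The <msg> root element, its "type" attribute, the XML namespace and the "tag"/"uri" attribute names are assumptions not shown in this excerpt, and the validator accepts only the two PDU kinds described above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumed (not shown in the excerpt): root element <msg> with a "type"
# attribute in the namespace below, and "tag"/"uri" attributes on every PDU.
NS = "http://www.hactrn.net/uris/rpki/publication-spec/"
SUPPORTED_VERSION = "4"   # the only value the schema currently allows


class ProtocolError(ValueError):
    """Message must be rejected (Section 2.4 defines how the error is signalled)."""


def check_message(xml_bytes):
    """Validate one publication message; return [(pdu_name, tag, uri), ...]."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}msg" % NS:
        raise ProtocolError("unexpected root element %r" % root.tag)
    # Direct check of the version attribute (the draft's other option is a
    # schema validation failure); a missing attribute is rejected as well.
    version = root.get("version")
    if version != SUPPORTED_VERSION:
        raise ProtocolError("unsupported protocol version %r" % version)
    pdus = []
    for child in root:
        name = child.tag.rsplit("}", 1)[-1]             # strip the namespace
        if name not in ("publish", "withdraw"):
            raise ProtocolError("unknown PDU <%s/>" % name)
        tag, uri = child.get("tag"), child.get("uri")
        # The empty string is a legal tag, so only a missing attribute is an error.
        if tag is None or uri is None:
            raise ProtocolError("<%s/> lacks a tag or uri attribute" % name)
        parts = urlsplit(uri)                           # RFC 3986 syntax
        if parts.scheme != "rsync" or not parts.netloc:  # RFC 5781 scheme
            raise ProtocolError("%r is not an rsync URI" % uri)
        pdus.append((name, tag, uri))
    return pdus


def is_rejected(xml_bytes):
    """True when the message would be refused; malformed XML is refused too."""
    try:
        check_message(xml_bytes)
    except (ProtocolError, ET.ParseError):
        return True
    return False


# Constructed sample query: one publish (placeholder body) and one withdraw.
SAMPLE_QUERY = ('<msg xmlns="%s" version="4" type="query">'
                '<publish tag="" uri="rsync://repo.example/pub/ca.cer">Zm9v</publish>'
                '<withdraw tag="w1" uri="rsync://repo.example/pub/old.roa"/>'
                '</msg>' % NS).encode()
```

The check runs after CMS signature verification and before any repository change, so a mismatched version or a non-rsync URI is refused before it can touch published data.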
skipping to change at page 18, line 39

7.1.  Normative References

   [RelaxNG]  Clark, J., "RELAX NG Compact Syntax", OASIS, November
              2002, <https://www.oasis-open.org/committees/relax-ng/
              compact-20021121.html>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, BCP 14, March 1997.

   -11 only:
   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", RFC 3986,
              STD 66, January 2005.

   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
              Encodings", RFC 4648, October 2006.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)",
              RFC 5652, STD 70, September 2009.

   [RFC5781]  Weiler, S., Ward, D., and R. Housley, "The rsync URI
              Scheme", RFC 5781, February 2010.

   [RFC6492]  Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A
              Protocol for Provisioning Resource Certificates",
              RFC 6492, February 2012.

   -12 only:
   [RFC7230]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
              (HTTP/1.1): Message Syntax and Routing", RFC 7230, June
              2014.

   [SHS]      National Institute of Standards and Technology, "Secure
              Hash Standard", FIPS PUB 180-4, March 2012,
              <http://csrc.nist.gov/publications/fips/fips180-4/
              fips-180-4.pdf>.

   [XML]      Cowan, J., "Extensible Markup Language (XML) 1.1", W3C CR
              CR-xml11-20021015, October 2002.

7.2.  Informative References

   [I-D.ietf-sidr-delta-protocol]
              Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein,
              "RPKI Repository Delta Protocol", draft-ietf-sidr-delta-
              protocol-07 (work in progress), February 2017.

   [I-D.ietf-sidr-rpki-oob-setup]
              Austein, R., "An Out-Of-Band Setup Protocol For RPKI
              Production Services",
              -11: draft-ietf-sidr-rpki-oob-setup-06 (work in progress), January 2017.
              -12: draft-ietf-sidr-rpki-oob-setup-09 (work in progress), February 2017.

   [RFC6480]  Lepinski, M. and S. Kent, "An Infrastructure to Support
              Secure Internet Routing", RFC 6480, February 2012.

Authors' Addresses

   Samuel Weiler
   W3C / MIT

   Email: weiler@csail.mit.edu
End of changes.  9 change blocks.  12 lines changed or deleted, 14 lines changed or added.

This html diff was produced by rfcdiff 1.45.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/