Diff: draft-ietf-sidrops-aspa-profile-01.txt - draft-ietf-sidrops-aspa-profile-02.txt

	draft-ietf-sidrops-aspa-profile-01.txt	draft-ietf-sidrops-aspa-profile-02.txt

	Network Working Group A. Azimov	Network Working Group A. Azimov
	Internet-Draft Yandex	Internet-Draft Yandex
	Intended status: Standards Track E. Uskov	Intended status: Standards Track E. Uskov

	Expires: May 7, 2020 Qrator Labs	Expires: September 10, 2020 JetLend
	R. Bush	R. Bush
	Internet Initiative Japan	Internet Initiative Japan
	K. Patel	K. Patel
	Arrcus	Arrcus
	J. Snijders	J. Snijders
	NTT	NTT
	R. Housley	R. Housley
	Vigil Security	Vigil Security

	November 4, 2019	March 9, 2020

	A Profile for Autonomous System Provider Authorization	A Profile for Autonomous System Provider Authorization

	draft-ietf-sidrops-aspa-profile-01	draft-ietf-sidrops-aspa-profile-02

	Abstract	Abstract

	This document defines a standard profile for Autonomous System	This document defines a standard profile for Autonomous System
	Provider Authorization in the Resource Public Key Infrastructure. An	Provider Authorization in the Resource Public Key Infrastructure. An
	Autonomous System Provider Authorization is a digitally signed object	Autonomous System Provider Authorization is a digitally signed object
	that provides a means of verifying that a Customer Autonomous System	that provides a means of verifying that a Customer Autonomous System
	holder has authorized members of Provider set to be its upstream	holder has authorized members of Provider set to be its upstream
	providers and for the Providers to send prefixes received from the	providers and for the Providers to send prefixes received from the
	Customer Autonomous System in all directions including providers and	Customer Autonomous System in all directions including providers and

	skipping to change at page 2, line 10 ¶	skipping to change at page 2, line 10 ¶
	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.	Drafts is at https://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on May 7, 2020.	This Internet-Draft will expire on September 10, 2020.

	Copyright Notice	Copyright Notice


	Copyright (c) 2019 IETF Trust and the persons identified as the	Copyright (c) 2020 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of	(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect	carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must	to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of	include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as	the Trust Legal Provisions and are provided without warranty as

	skipping to change at page 3, line 43 ¶	skipping to change at page 3, line 43 ¶
	numerical value of 1.2.840.113549.1.9.16.1.TBD. This OID MUST appear	numerical value of 1.2.840.113549.1.9.16.1.TBD. This OID MUST appear
	both within the eContentType in the encapContentInfo structure as	both within the eContentType in the encapContentInfo structure as
	well as the content-type signed attribute within the signerInfo	well as the content-type signed attribute within the signerInfo
	structure (see [RFC6488]).	structure (see [RFC6488]).

	3. The ASPA eContent	3. The ASPA eContent

	The content of an ASPA identifies the Customer AS (CAS) as well as	The content of an ASPA identifies the Customer AS (CAS) as well as
	the Set of Provider ASes (SPAS) that are authorized to further	the Set of Provider ASes (SPAS) that are authorized to further
	propagate announcements received from the customer. If customer has	propagate announcements received from the customer. If customer has

	multiple providers they SHOULD be registered in a single ASPA object.	multiple providers they MUST be registered in a single ASPA object.
	An ASPA is formally defined as:	This rule is important to avoid possible race conditions during
		updates. An ASPA is formally defined as:

	ct-ASPA CONTENT-TYPE ::=	ct-ASPA CONTENT-TYPE ::=
	{ ASProviderAttestation IDENTIFIED BY id-ct-ASPA }	{ ASProviderAttestation IDENTIFIED BY id-ct-ASPA }

	id-ct-ASPA OBJECT IDENTIFIER ::= { id-ct TBD }	id-ct-ASPA OBJECT IDENTIFIER ::= { id-ct TBD }

	ASProviderAttestation ::= SEQUENCE {	ASProviderAttestation ::= SEQUENCE {
	version [0] ASPAVersion DEFAULT v0,	version [0] ASPAVersion DEFAULT v0,
	AFI AddressFamilyIdentifier,	AFI AddressFamilyIdentifier,
	customerASID ASID,	customerASID ASID,
	providerASSET SEQUENCE (SIZE(1..MAX)) OF ASID }	providerASSET SEQUENCE (SIZE(1..MAX)) OF ASID }

	ASPAVersion ::= INTEGER { v0(0) }	ASPAVersion ::= INTEGER { v0(0) }


	AddressFamilyIdentifier ::= INTEGER	AddressFamilyIdentifier ::= OCTET STRING (SIZE (2..3))

	ASID ::= INTEGER	ASID ::= INTEGER

	Note that this content appears as the eContent within the	Note that this content appears as the eContent within the
	encapContentInfo as specified in [RFC6488].	encapContentInfo as specified in [RFC6488].

	3.1. version	3.1. version

	The version number of the ASProviderAttestation MUST be v0.	The version number of the ASProviderAttestation MUST be v0.


	skipping to change at page 8, line 42 ¶	skipping to change at page 8, line 42 ¶
	February 2012, <https://www.rfc-editor.org/info/rfc6480>.	February 2012, <https://www.rfc-editor.org/info/rfc6480>.

	Authors' Addresses	Authors' Addresses

	Alexander Azimov	Alexander Azimov
	Yandex	Yandex

	Email: a.e.azimov@gmail.com	Email: a.e.azimov@gmail.com

	Eugene Uskov	Eugene Uskov

	Qrator Labs	JetLend


	Email: eu@qrator.net	Email: eu@jetlend.ru

	Randy Bush	Randy Bush
	Internet Initiative Japan	Internet Initiative Japan

	Email: randy@psg.com	Email: randy@psg.com
	Keyur Patel	Keyur Patel
	Arrcus, Inc.	Arrcus, Inc.

	Email: keyur@arrcus.com	Email: keyur@arrcus.com


End of changes. 9 change blocks.
	10 lines changed or deleted	11 lines changed or added
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/