Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of draft-ietf-sidr-roa-00.txt Steve Kent BBN Technologies.

Published byLucy Lee Modified over 8 years ago

Similar presentations

Presentation on theme: "Overview of draft-ietf-sidr-roa-00.txt Steve Kent BBN Technologies."— Presentation transcript:

1 Overview of draft-ietf-sidr-roa-00.txt Steve Kent BBN Technologies

2 2 Presentation Outline  Route origination security  Proposed ROA design  Design rationale  Proposed ROA format  ROA and NLRI matching  Questions

3 3 Route Origination Security  One goal of this PKI is to enable ISPs to verify route origination assertions in BGP UPDATE messages  To support this goal, each address space holder needs to digitally sign one or more objects that identify each AS authorized to advertise routes on behalf of the address space holder  We call the object a route origination authorization (ROA)  An address space holder issues a distinct ROA to each ISP he wants to advertise all or a portion of his address space  Since each ISP is an address space holder, it would sign one or more ROAs (one per AS number) authorizing itself to advertise the addresses it holds

4 4 ROA Design  A ROA has three major data elements, encapsulated in a CMS signed data object A version number One of more address prefixes, corresponding to the NLRI that the ROA signer authorizes for origination by one or more ISPs, enumerated below An AS number of an ISP authorized to originate routes to the above list of prefixes  A ROA is valid only if the (EE) certificate used to verify its signature is valid, and if the address space extension in the certificate exactly matches the prefixes in the ROA  We use the CMS format to represent a signed ROA, as this format is supported in open source software

5 5 ROA Design Rationale  We assume a 1-1 match between ROAs and the EE certificates used to verify them This makes it easier to manage revocation of ROAs It avoids the need to put a validity interval in a ROA Can discard private key after signing the ROA  Just one AS per ROA (Randy), to keep the ROA design simple, and to enforce the notion that each ROA authorizes only one ISP (Geoff)  Include the prefix(es) in the ROA to make it easier for a human user to understand (Randy)  We use the prefix representation from RFC 3779 to make matching against the certificate easy

6 6 ROA Format (1/2) RouteOriginAttestation ::= SEQUENCE { version [0] INTEGER DEFAULT 0, -- this is the ROA version # asID ASID, ipAddrBlocks ROAIPAddrBlocks } ASID ::= INTEGER -- this is the AS number ROAIPAddrBlocks ::= SEQUENCE of ROAIPAddressFamily ROAIPAddressFamily ::= SEQUENCE { addressFamily OCTET STRING (SIZE (2..3)), addressesOrRanges SEQUENCE OF IPAddressOrRange } -- Only two address families: IPv4 and IPv6

7 7 ROA Format (2/2) IPAddressOrRange ::= CHOICE { addressPrefix IPAddress, addressRange IPAddressRange } IPAddressRange ::= SEQUENCE { min IPAddress, max IPAddress } IPAddress ::= BIT STRING This syntax is taken from RFC 3779

8 8 Profiled CMS Format (1/3) SignedData ::= SEQUENCE { version CMSVersion, -- version number is 3 digestAlgorithms DigestAlgorithmIdentifiers, -- for a ROA, just one, SHA-256 encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, -- only one certificate for a ROA, and only if transmitted (vs. stored in a repository) signerInfos SignerInfos } DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier -- for a ROA, just one alg identifier SignerInfos ::= SET OF SignerInfo -- for a ROA, just one entry

9 9 Profiled CMS Format (2/3) EncapsulatedContentInfo ::= SEQUENCE { eContentType ContentType, eContent [0] EXPLICIT OCTET STRING OPTIONAL } ContentType ::= OBJECT IDENTIFIER id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 } id-ct OBJECT INDENTIFIER ::= {id-smime 1} routeOriginAttestion OBJECT IDENTIFIER ::= {id-ct 24} -- this is the OID for a ROA

10 10 Profiled CMS Format (3/3) SignerInfo ::= SEQUENCE { version CMSVersion, -- version number is 3 sid SignerIdentifier, -- for a ROA, this is an SKI, a back-pointer to the (EE) certificate for verification digestAlgorithm DigestAlgorithmIdentifier, -- for a ROA, this is SHA-256 signatureAlgorithm SignatureAlgorithmIdentifier, -- for a ROA, this is SHA-256 with RSA signature SignatureValue }

11 11 Generating a ROA  An ISP or subscriber generates one ROA for each AS for which it wants to authorize route origination If all prefixes of the resource holder are to be advertised by the same ISPs, and came from one source, then the entity signs one ROA containing all the prefixes If the resource holder wants to authorize some ISPs to originate some prefixes, and other ISPs to originate other prefixes, the holder signs one ROA for each set of addresses to be originated by each ISP (AS ) If a resource holder has addresses from different sources, it MUST generate multiple ROAs, each restricted to one allocation source

12 12 Multiple ROA Example Subscriber (CA) Subscriber (shadow) ROA Subscriber (shadow) ROA Subscriber (shadow) ROA

13 13 Multi-source Allocation Example LIR (CA) Subscriber (CA) Subscriber (shadow) ROA RIR (CA) Subscriber (CA) Subscriber (shadow) ROA

14 14 ROAs and Prefix Matching (1/3)  This I-D says that there MUST be an exact match between the prefix(es) in a ROA and those in the EE certificate used to verify it  The I-D does not say how to match the addresses represented in a ROA to the NLRI in a BGP UPDATE  Suggested answers include Exact match Exact or more specific Changing the ROA to express a range of prefix lengths for determining a match Changing the ROA to look like an RPSL declaration

15 15 ROAs and Prefix Matching (2/3)  Some observations We have two places at which to make prefix comparisons : ROA vs. EE certificate and ROA vs. NLRI I think we should keep ROA/certificate matching simple I think we should stick with ASN.1 in the ROA, not mix ASN.1 and text (canonicalization is a solved problem for the RFC 3779 expression of addresses/ranges) A resource holder can create multiple ROAs if necessary to express authorization

16 16 ROA and prefix Matching (3/3)  Observations from the SIDR WG meeting A resource certificate and a ROA can express address ranges that are NOT CIDR prefixes, so one cannot mandate an exact match between NLRI (which must be a prefix) and a ROA in all cases In such cases, one could issue two (or more) ROAs each of which is a CIDR prefix to cover the prefixes in a BGP advertisement; the ability to match multiple ROAs to an advertisement MUST be supported to accommodate multiple allocation sources anyway One also could formulate an ASN.1 version of RPSL expressiveness for advertisement authorization

Download ppt "Overview of draft-ietf-sidr-roa-00.txt Steve Kent BBN Technologies."

Similar presentations

A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.

1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.

Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.
Advantages of modular PKI

Advantages of modular PKI
RPKI and Routing Security ICANN 44 June 2012. Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.

RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
ROAs and Detecting “Bad” Originations Geoff Huston SIDR WG IETF 74.

ROAs and Detecting “Bad” Originations Geoff Huston SIDR WG IETF 74.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
BGP.

BGP.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.

Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.

Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.

Similar presentations

Ads by Google