idnits 2.17.00 (12 Aug 2021) /tmp/idnits49088/draft-ietf-sidr-bgpsec-algs-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC7935, but the abstract doesn't seem to directly say this. It does mention RFC7935 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 14, 2016) is 2013 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 2986 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Downref: Normative reference to an Informational RFC: RFC 6090 == Outdated reference: draft-ietf-sidr-bgpsec-protocol has been published as RFC 8205 == Outdated reference: draft-ietf-sidr-bgpsec-pki-profiles has been published as RFC 8209 -- Possible downref: Non-RFC (?) normative reference: ref. 'DSS' -- Possible downref: Non-RFC (?) normative reference: ref. 'SHS' Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Secure Inter-Domain Routing Working Group S. Turner 3 Internet-Draft sn3rd 4 Updates: 7935 (if approved) November 14, 2016 5 Intended status: Standards Track 6 Expires: May 18, 2017 8 BGPsec Algorithms, Key Formats, & Signature Formats 9 draft-ietf-sidr-bgpsec-algs-16 11 Abstract 13 This document specifies the algorithms, algorithm parameters, 14 asymmetric key formats, asymmetric key size and signature format used 15 in BGPsec (Border Gateway Protocol Security). This document updates 16 the Profile for Algorithms and Key Sizes for Use in the Resource 17 Public Key Infrastructure (RFC 7935). 19 Status of this Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 Copyright Notice 36 Copyright (c) 2016 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 52 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 53 2. Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 3. Asymmetric Key Pair Formats . . . . . . . . . . . . . . . . . 3 55 3.1. Public Key Format . . . . . . . . . . . . . . . . . . . . 4 56 3.2. Private Key Format . . . . . . . . . . . . . . . . . . . . 4 57 4. Signature Format . . . . . . . . . . . . . . . . . . . . . . . 4 58 5. Additional Requirements . . . . . . . . . . . . . . . . . . . 4 59 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 60 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 61 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5 62 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 63 9.1. Normative References . . . . . . . . . . . . . . . . . . . 5 64 9.2. Informative References . . . . . . . . . . . . . . . . . . 7 65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 67 1. Introduction 69 This document specifies: 70 o the digital signature algorithm and parameters; 71 o the hash algorithm and parameters; 72 o the public and private key formats; and, 73 o the signature format 74 used by Resource Public Key Infrastructure (RPKI) Certification 75 Authorities (CA), and BGPsec (Border Gateway Protocol Security) 76 speakers (i.e., routers). CAs use these algorithms when processing 77 requests for BGPsec Router Certificates [ID.sidr-bgpsec-pki- 78 profiles]. Examples when BGPsec routers use these algorithms include 79 requesting BGPsec certificates [ID.sidr-bgpsec-pki-profiles], signing 80 BGPsec Update messages [ID.sidr-bgpsec-protocol], and verifying 81 BGPsec Update messages [ID.sidr-bgpsec-protocol]. 83 This document updates [RFC7935] to add support for a) a different 84 algorithm for BGPsec certificate requests, which are issued only by 85 BGPsec speakers; b) a different Subject Public Key Info format for 86 BGPsec certificates, which is needed for the specified BGPsec 87 signature algorithm; and, c) a different signature format for BGPsec 88 signatures, which is needed for the specified BGPsec signature 89 algorithm. The BGPsec certificate are differentiated from other RPKI 90 certificates by the use of the BGPsec Extended Key Usage defined in 91 [ID.sidr-bgpsec-pki-profiles]. 93 1.1. Terminology 95 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 96 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 97 "OPTIONAL" in this document are to be interpreted as described in 98 [RFC2119]. 100 2. Algorithms 102 The algorithms used to compute signatures on CA certificates, BGPsec 103 Router Certificates, and CRLs are as specified in Section 2 of 104 [RFC7935]. This section addresses BGPsec algorithms, for example 105 these algorithms are used by BGPsec routers to request BGPsec 106 certificates, by RPKI CAs to verify BGPsec certification requests, by 107 BGPsec routers to generate BGPsec Update messages, and by BGPsec 108 routers to verify BGPsec Update message: 110 o The signature algorithm used MUST be the Elliptic Curve Digital 111 Signature Algorithm (ECDSA) with curve P-256 [RFC6090][DSS]. 113 o The hash algorithm used MUST be SHA-256 [SHS]. 115 Hash algorithms are not identified by themselves in certificates or 116 BGPsec Update messages. They are represented by an OID that combines 117 the hash algorithm with the digital signature algorithm as follows: 119 o The ecdsa-with-SHA256 OID [RFC5480] MUST appear in the PKCS #10 120 signatureAlgorithm field [RFC2986] or in Certificate Request 121 Message Format (CRMF) POPOSigningKey algorithm field [RFC4211], 122 which location depends on the certificate request format 123 generated. 125 o In BGPsec Update messages, the ECDSA with SHA-256 Algorithm Suite 126 Identifier value 0x1 (see Section 7) is included in the 127 Signature-Block List's Algorithm Suite Identifier field. 129 3. Asymmetric Key Pair Formats 131 The key formats used to compute signatures on CA certificates, BGPsec 132 Router Certificates, and CRLs are as specified in Section 3 of 133 [RFC7935]. This section addresses key formats found in the BGPsec 134 router certificate requests and in BGPsec Router Certificates. 136 The ECDSA private keys used to compute signatures for certificate 137 requests and BGPsec Update messages MUST come from the P-256 curve 138 [RFC5480]. The public key pair MUST use the uncompressed form. 140 3.1. Public Key Format 142 The Subject's public key is included in subjectPublicKeyInfo 143 [RFC5280]. It has two sub-fields: algorithm and subjectPublicKey. 144 The values for the structures and their sub-structures follow: 146 o algorithm (an AlgorithmIdentifier type): The id-ecPublicKey OID 147 MUST be used in the algorithm field, as specified in Section 148 2.1.1 of [RFC5480]. The value for the associated parameters MUST 149 be secp256r1, as specified in Section 2.1.1.1 of [RFC5480]. 151 o subjectPublicKey: ECPoint MUST be used to encode the 152 certificate's subjectPublicKey field, as specified in Section 2.2 153 of [RFC5480]. 155 3.2. Private Key Format 157 Local Policy determines private key format. 159 4. Signature Format 161 The structure for the certificate's and CRL's signature field MUST be 162 as specified in Section 4 of [RFC7935], which is the same format used 163 by other RPKI certificates. The structure for the certification 164 request's and BGPsec Update message's signature field MUST be as 165 specified in Section 2.2.3 of [RFC3279]. 167 5. Additional Requirements 169 It is anticipated that BGPsec will require the adoption of updated 170 key sizes and a different set of signature and hash algorithms over 171 time, in order to maintain an acceptable level of cryptographic 172 security. This profile should be updated to specify such future 173 requirements, when appropriate. 175 The recommended procedures to implement such a transition of key 176 sizes and algorithms is specified in [RFC6916]. 178 6. Security Considerations 180 The Security Considerations of [RFC3279], [RFC5480], [RFC6090], 181 [RFC7935], and [ID.sidr-bgpsec-pki-profiles] apply to certificates. 182 The security considerations of [RFC3279], [RFC6090], [RFC7935], 183 [ID.sidr-bgpsec-pki-profiles] apply to certification requests. The 184 security considerations of [RFC3279], [ID.sidr-bgpsec-protocol], and 185 [RFC6090] apply to BGPsec Update messages. No new security 186 considerations are introduced as a result of this specification. 188 7. IANA Considerations 190 The Internet Assigned Numbers Authority (IANA) is requested to define 191 the "BGPsec Algorithm Suite Registry" in the Resource Public Key 192 Infrastructure (RPKI) group. The one-octet BGPsec Algorithm Suite 193 Registry identifiers assigned by IANA identifies the digest algorithm 194 and a signature algorithm used in the BGPsec Signature-Block List's 195 Algorithm Suite Identifier field. 197 IANA is kindly requested to also register a single algorithm suite 198 identifier, for the digest algorithm SHA-256 [SHS] and the signature 199 algorithm ECDSA on the P-256 curve [RFC6090][DSS]. 201 BGPsec Algorithm Suites Registry 203 Algorithm Digest Signature Specification 204 Suite Algorithm Algorithm Pointer 205 Identifier 207 +------------+------------+-------------+---------------------+ 208 | 0x0 | Reserved | Reserved | This draft | 209 +------------+------------+-------------+---------------------+ 210 | 0x1 | SHA-256 | ECDSA P-256 | [SHS][DSS][RFC6090] | 211 +------------+------------+-------------+---------------------+ 212 | 0x2-0xE | Unassigned | Unassigned | This draft | 213 +------------+------------+-------------+---------------------+ 214 | 0xF | Reserved | Reserved | This draft | 215 +------------+------------+-------------+---------------------+ 217 Future assignments are to be made using the Standards Action process 218 defined in [RFC5226]. Assignments consist of the one-octet algorithm 219 suite identifier value and the associated digest algorithm name and 220 signature algorithm name. 222 8. Acknowledgements 224 The author wishes to thank Geoff Huston and George Michaelson for 225 producing [RFC7935], which this document is entirely based on. I'd 226 also like to thank Roque Gagliano, David Mandelberg, Tom Petch, Sam 227 Weiller, and Stephen Kent for their reviews and comments. 229 9. References 231 9.1. Normative References 233 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 234 Requirement Levels", BCP 14, RFC 2119, DOI 235 10.17487/RFC2119, March 1997, . 238 [RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification 239 Request Syntax Specification Version 1.7", RFC 2986, DOI 240 10.17487/RFC2986, November 2000, . 243 [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and 244 Identifiers for the Internet X.509 Public Key 245 Infrastructure Certificate and Certificate Revocation List 246 (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April 2002, 247 . 249 [RFC4211] Schaad, J., "Internet X.509 Public Key Infrastructure 250 Certificate Request Message Format (CRMF)", RFC 4211, DOI 251 10.17487/RFC4211, September 2005, . 254 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 255 IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 256 10.17487/RFC5226, May 2008, . 259 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 260 Housley, R., and W. Polk, "Internet X.509 Public Key 261 Infrastructure Certificate and Certificate Revocation List 262 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 263 . 265 [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, 266 "Elliptic Curve Cryptography Subject Public Key 267 Information", RFC 5480, DOI 10.17487/RFC5480, March 2009, 268 . 270 [RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic 271 Curve Cryptography Algorithms", RFC 6090, DOI 272 10.17487/RFC6090, February 2011, . 275 [RFC6916] Gagliano, R., Kent, S., and S. Turner, "Algorithm Agility 276 Procedure for the Resource Public Key Infrastructure 277 (RPKI)", BCP 182, RFC 6916, DOI 10.17487/RFC6916, April 278 2013, . 280 [RFC7935] Huston, G. and G. Michaelson, Ed., "The Profile for 281 Algorithms and Key Sizes for Use in the Resource Public Key 282 Infrastructure", RFC 7935, DOI 10.17487/RFC7935, August 283 2016, . 285 [ID.sidr-bgpsec-protocol] Lepinski, M., "BGPsec Protocol 286 Specification", draft-ietf-sidr-bgpsec-protocol, work-in- 287 progress. 289 [ID.sidr-bgpsec-pki-profiles] Reynolds, M. and S. Turner, "A Profile 290 for BGPSEC Router Certificates, Certificate Revocation 291 Lists, and Certification Requests", draft-ietf-sidr-bgpsec- 292 pki-profiles, work-in-progress. 294 [DSS] National Institute of Standards and Technology (NIST), U.S. 295 Department of Commerce, "Digital Signature Standard", FIPS 296 Publication 186-4, July 2013. 298 [SHS] National Institute of Standards and Technology (NIST), U.S. 299 Department of Commerce, "Secure Hash Standard", FIPS 300 Publication 180-4, August 2015. 302 9.2. Informative References 304 None. 306 Authors' Addresses 308 Sean Turner 309 sn3rd 311 EMail: sean@sn3rd.com