idnits 2.17.00 (12 Aug 2021)

/tmp/idnits40279/draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 5, 2018) is 1537 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 2986

  ** Downref: Normative reference to an Informational RFC: RFC 6090

  ** Obsolete normative reference: RFC 8208 (Obsoleted by RFC 8608)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'DSS'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SHS'

     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force (IETF)                         S. Turner
Internet-Draft                                                     sn3rd
Updates: 8208 (if approved)                                  O. Borchert
Intended status: Standards Track                                    NIST
Expires: September 6, 2018                                 March 5, 2018

         BGPsec Algorithms, Key Formats, and Signature Formats
             draft-ietf-sidrops-bgpsec-algs-rfc8208-bis-01

Abstract

   This document specifies the algorithms, algorithm parameters,
   asymmetric key formats, asymmetric key sizes, and signature formats
   used in BGPsec (Border Gateway Protocol Security).  This document
   updates RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature
   Formats") by adding Special-Use Algorithm IDs and correcting the
   range of unassigned algorithm IDs to fill the complete range.

   This document also includes example BGPsec UPDATE messages as well as
   the private keys used to generate the messages and the certificates
   necessary to validate those signatures.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 2, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
     1.2.  Changes from RFC 8208
   2.  Algorithms
     2.1.  Algorithm ID Types
     2.2.  Signature Algorithms
       2.2.1.  Algorithm ID 0x01 - (ECDSA-P256)
   3.  Asymmetric Key Pair Formats
     3.1.  Asymmetric Key Pair for Algorithm ID 0x01 - (ECDSA-p256)
       3.1.1.  Public Key Format
       3.1.2.  Private Key Format
   4.  Signature Formats
   5.  Additional Requirements
   6.  Security Considerations
   7.  IANA Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Examples
     A.1.  Topology and Experiment Description
     A.2.  Keys
     A.3.  BGPsec IPv4
     A.4.  BGPsec IPv6
   Acknowledgements
   Authors' Addresses

1.  Introduction

   This document specifies the following:

   o  the digital signature algorithm and parameters,

   o  the hash algorithm and parameters,

   o  the algorithm identifier assignment and classification,

   o  the public and private key formats, and

   o  the signature formats

   used by Resource Public Key Infrastructure (RPKI) Certification
   Authorities (CAs) and BGPsec (Border Gateway Protocol Security)
   speakers (i.e., routers).  CAs use these algorithms when processing
   requests for BGPsec Router Certificates [RFC8209].  Examples of when
   BGPsec routers use these algorithms include requesting BGPsec
   certificates [RFC8209], signing BGPsec UPDATE messages [RFC8205], and
   verifying signatures on BGPsec UPDATE messages [RFC8205].

   This document updates [RFC7935] to add support for a) a different
   algorithm for BGPsec certificate requests, which are issued only by
   BGPsec speakers; b) a different Subject Public Key Info format for
   BGPsec certificates, which is needed for the specified BGPsec
   signature algorithm; and c) different signature formats for BGPsec
   signatures, which are needed for the specified BGPsec signature
   algorithm.  The BGPsec certificates are differentiated from other
   RPKI certificates by the use of the BGPsec Extended Key Usage as
   defined in [RFC8209].  BGPsec uses a different algorithm [RFC6090]
   [DSS] as compared to the rest of the RPKI to minimize the size of the
   protocol exchanged between routers.

   Appendix A contains example BGPsec UPDATE messages as well as the
   private keys used to generate the messages and the certificates
   necessary to validate the signatures.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Changes from RFC 8208

   This section describes the significant changes between [RFC8208] and
   this document.

   o  Added Section 2.1 on algorithm ID types and what to do when these
      IDs are observed.

   o  Restructured Sections 2 and 3 to align with the corresponding
      algorithm suite identifier value.

   o  Corrected the range of unassigned algorithm suite identifier
      values.

   o  Added Special-Use algorithm suite identifier values.

2.  Algorithms

   The algorithms used to compute signatures on CA certificates,
   BGPsec Router Certificates, and Certificate Revocation Lists
   (CRLs) are as specified in Section 2 of [RFC7935].  This section
   addresses BGPsec algorithms; for example, these algorithms are
   used by BGPsec routers to sign and verify BGPsec UPDATE messages.
   To identify which algorithm is used, the BGPsec UPDATE message
   contains the corresponding algorithm ID in each Signature_Block of
   the BGPsec UPDATE message.

2.1.  Algorithm ID Types

   Algorithms in BGPsec UPDATE messages are identified by the
   Algorithm Suite Identifier field (Algorithm ID) within the
   Signature_Block (see Section 3.2 of [RFC8205]).

   This document specifies four types of algorithm IDs:

   o  Reserved Algorithm ID

      Reserved algorithm IDs are the values 0x00 and 0xFF.  These IDs
      MUST NOT be used in a Signature_Block; if one is encountered, the
      router MUST treat the BGPsec UPDATE message as Malformed
      [RFC4271].

   o  Signature Algorithm ID

      Signature algorithms are defined in Section 2.2 of this document.
      Processing of BGPsec UPDATE signing and validation using signature
      algorithms is described at length in Section 4.2 and Section 5.2
      of [RFC8205].

   o  Unassigned Algorithm ID

      This type of algorithm ID is free for future assignments and MUST
      NOT be used until an algorithm is officially assigned (see
      Section 7).  In case a router encounters an unassigned algorithm
      ID in one of the Signature_Blocks of a BGPsec UPDATE message, the
      router SHOULD process the Signature_Block as
      "unsupported algorithm" as specified in Section 5.2 of [RFC8205].

   o  Special-Use Algorithm ID

      Special-Use algorithm IDs span from 0xFA (250) to 0xFE (254).  To
      allow documentation and experimentation to accurately describe
      deployment examples, the use of publicly assigned algorithm IDs is
      inappropriate, and a reserved block of Special-Use algorithm IDs
      is required.  This ensures that documentation and experimentation
      do not clash with assigned algorithm IDs in deployed networks,
      and mitigates the risks to operational integrity of the network
      through inappropriate use of documentation to perform literal
      configuration of routing elements on production systems.  A router
      that encounters an algorithm ID of this type outside of an
      experimental network SHOULD treat it the same as
      "unsupported algorithm" as specified in Section 5.2 of [RFC8205].

2.2.  Signature Algorithms

2.2.1.  Algorithm ID 0x01 - (ECDSA-P256)

   o  The signature algorithm used MUST be the Elliptic Curve Digital
      Signature Algorithm (ECDSA) with curve P-256 [RFC6090] [DSS].

   o  The hash algorithm used MUST be SHA-256 [SHS].

   Hash algorithms are not identified by themselves in certificates or
   BGPsec UPDATE messages.
   They are represented by an OID that combines
   the hash algorithm with the digital signature algorithm as follows:

   o  The ecdsa-with-SHA256 OID [RFC5480] MUST appear in the Public-Key
      Cryptography Standards #10 (PKCS #10) signatureAlgorithm field
      [RFC2986] or in the Certificate Request Message Format (CRMF)
      POPOSigningKey algorithm field [RFC4211]; where the OID is placed
      depends on the certificate request format generated.

   o  In BGPsec UPDATE messages, the ECDSA with SHA-256 algorithm suite
      identifier value 0x01 (see Section 7) is included in the
      Signature_Block List's Algorithm Suite Identifier field.

3.  Asymmetric Key Pair Formats

   The key formats used to compute signatures on CA certificates, BGPsec
   Router Certificates, and CRLs are as specified in Section 3 of
   [RFC7935].  This section addresses key formats found in the BGPsec
   Router Certificate requests and in BGPsec Router Certificates.

3.1.  Asymmetric Key Pair for Algorithm ID 0x01 - (ECDSA-p256)

   The ECDSA private keys used to compute signatures for certificate
   requests and BGPsec UPDATE messages MUST be associated with the P-256
   curve domain parameters [RFC5480].  The public key pair MUST use the
   uncompressed form.

3.1.1.  Public Key Format

   The Subject's public key is included in subjectPublicKeyInfo
   [RFC5280].  It has two sub-fields: algorithm and subjectPublicKey.
   The values for the structures and their sub-structures follow:

   o  algorithm (an AlgorithmIdentifier type): The id-ecPublicKey OID
      MUST be used in the algorithm field, as specified in Section 2.1.1
      of [RFC5480].  The value for the associated parameters MUST be
      secp256r1, as specified in Section 2.1.1.1 of [RFC5480].

   o  subjectPublicKey: ECPoint MUST be used to encode the certificate's
      subjectPublicKey field, as specified in Section 2.2 of [RFC5480].

3.1.2.  Private Key Format

   Local policy determines private key format.

4.  Signature Formats

   The structure for the certificate's and CRL's signature field MUST be
   as specified in Section 4 of [RFC7935]; this is the same format used
   by other RPKI certificates.  The structure for the certification
   request's and BGPsec UPDATE message's signature field MUST be as
   specified in Section 2.2.3 of [RFC3279].

5.  Additional Requirements

   It is anticipated that BGPsec will require the adoption of updated
   key sizes and a different set of signature and hash algorithms over
   time, in order to maintain an acceptable level of cryptographic
   security.  This profile should be updated to specify such future
   requirements, when appropriate.

   The recommended procedures to implement such a transition of key
   sizes and algorithms are specified in [RFC6916].

6.  Security Considerations

   The security considerations of [RFC3279], [RFC5480], [RFC6090],
   [RFC7935], and [RFC8209] apply to certificates.  The security
   considerations of [RFC3279], [RFC6090], [RFC7935], and [RFC8209]
   apply to certification requests.  The security considerations of
   [RFC3279], [RFC6090], and [RFC8205] apply to BGPsec UPDATE messages.
   No new security considerations are introduced as a result of this
   specification.

7.  IANA Considerations

   The Internet Assigned Numbers Authority (IANA) has created the
   "BGPsec Algorithm Suite Registry" in the Resource Public Key
   Infrastructure (RPKI) group.  The one-octet "BGPsec Algorithm Suite
   Registry" identifiers assigned by IANA identify the digest algorithm
   and signature algorithm used in the BGPsec Signature_Block List's
   Algorithm Suite Identifier field.

   IANA has registered a single algorithm suite identifier for the
   digest algorithm SHA-256 [SHS] and for the signature algorithm ECDSA
   on the P-256 curve [RFC6090] [DSS].

   IANA is asked to modify the previously registered "Unassigned"
   address space.

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0x2-0xEF   | Unassigned    | Unassigned   |                       |
   +------------+---------------+--------------+-----------------------+

   To be modified into:

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0x2-0xFA   | Unassigned    | Unassigned   |                       |
   +------------+---------------+--------------+-----------------------+

   In addition, IANA is asked to register the following address space
   for "Special-Use":

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
   +------------+---------------+--------------+-----------------------+

   After the requested modification, the "BGPsec Algorithm Suite
   Registry" in the RPKI group should contain the following values:

                     BGPsec Algorithm Suite Registry

     Algorithm    Digest          Signature      Specification
     Suite        Algorithm       Algorithm      Pointer
     Identifier
   +------------+---------------+--------------+-----------------------+
   | 0x00       | Reserved      | Reserved     | This document         |
   +------------+---------------+--------------+-----------------------+
   | 0x01       | SHA-256       | ECDSA P-256  | [SHS] [DSS] [RFC6090] |
   |            |               |              | This document         |
   +------------+---------------+--------------+-----------------------+
   | 0x02-0xFA  | Unassigned    | Unassigned   |                       |
   +------------+---------------+--------------+-----------------------+
   | 0xFB-0xFE  | Special-Use   | Special-Use  | This Document         |
   +------------+---------------+--------------+-----------------------+
   | 0xFF       | Reserved      | Reserved     | This document         |
   +------------+---------------+--------------+-----------------------+

   Future assignments are to be made using the Standards Action process
   defined in [RFC8126].  Assignments consist of the one-octet algorithm
   suite identifier value and the associated digest algorithm name and
   signature algorithm name.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2986]  Nystrom, M. and B. Kaliski, "PKCS #10: Certification
              Request Syntax Specification Version 1.7", RFC 2986,
              DOI 10.17487/RFC2986, November 2000.

   [RFC3279]  Bassham, L., Polk, W., and R. Housley, "Algorithms and
              Identifiers for the Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April
              2002.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              DOI 10.17487/RFC4211, September 2005.

   [RFC4271]  Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
              Border Gateway Protocol 4 (BGP-4)", RFC 4271,
              DOI 10.17487/RFC4271, January 2006.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5480]  Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk,
              "Elliptic Curve Cryptography Subject Public Key
              Information", RFC 5480, DOI 10.17487/RFC5480, March 2009.

   [RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
              Curve Cryptography Algorithms", RFC 6090,
              DOI 10.17487/RFC6090, February 2011.

   [RFC6916]  Gagliano, R., Kent, S., and S. Turner, "Algorithm Agility
              Procedure for the Resource Public Key Infrastructure
              (RPKI)", BCP 182, RFC 6916, DOI 10.17487/RFC6916, April
              2013.

   [RFC7935]  Huston, G. and G. Michaelson, Ed., "The Profile for
              Algorithms and Key Sizes for Use in the Resource Public
              Key Infrastructure", RFC 7935, DOI 10.17487/RFC7935,
              August 2016.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in
              RFC 2119 Key Words", BCP 14, RFC 8174,
              DOI 10.17487/RFC8174, May 2017.

   [RFC8205]  Lepinski, M., Ed., and K. Sriram, Ed., "BGPsec Protocol
              Specification", RFC 8205, DOI 10.17487/RFC8205, September
              2017.

   [RFC8208]  Turner, S. and O. Borchert, "BGPsec Algorithms, Key
              Formats, and Signature Formats", RFC 8208,
              DOI 10.17487/RFC8208, September 2017.

   [RFC8209]  Reynolds, M., Turner, S., and S. Kent, "A Profile for
              BGPsec Router Certificates, Certificate Revocation Lists,
              and Certification Requests", RFC 8209,
              DOI 10.17487/RFC8209, September 2017.

   [DSS]      National Institute of Standards and Technology, "Digital
              Signature Standard (DSS)", NIST FIPS Publication 186-4,
              DOI 10.6028/NIST.FIPS.186-4, July 2013.

   [SHS]      National Institute of Standards and Technology, "Secure
              Hash Standard (SHS)", NIST FIPS Publication 180-4,
              DOI 10.6028/NIST.FIPS.180-4, August 2015.

8.2.  Informative References

   [RFC5398]  Huston, G., "Autonomous System (AS) Number Reservation for
              Documentation Use", RFC 5398, DOI 10.17487/RFC5398,
              December 2008.

   [RFC6979]  Pornin, T., "Deterministic Usage of the Digital Signature
              Algorithm (DSA) and Elliptic Curve Digital Signature
              Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August
              2013.

Appendix A.  Examples

A.1.  Topology and Experiment Description

   Topology:

   AS(64496)----AS(65536)----AS(65537)

   Prefix Announcement: AS(64496), 192.0.2.0/24, 2001:db8::/32

   The signature algorithm used in this example is ECDSA P-256 using the
   algorithm suite identifier ID 0x01 as specified in Section 7 of this
   document.

A.2.  Keys

   For this example, the ECDSA algorithm was provided with a static k to
   make the result deterministic.

   The k used for all signature operations was taken from [RFC6979],
   Appendix A.2.5, "Signatures With SHA-256, message = 'sample'".

   k = A6E3C57DD01ABE90086538398355DD4C
       3B17AA873382B0F24D6129493D8AAD60

   Keys of AS64496:
   ================
   ski: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154

   private key:
     x = D8AA4DFBE2478F86E88A7451BF075565
         709C575AC1C136D081C540254CA440B9

   public key:
     Ux = 7391BABB92A0CB3BE10E59B19EBFFB21
          4E04A91E0CBA1B139A7D38D90F77E55A
     Uy = A05B8E695678E0FA16904B55D9D4F5C0
          DFC58895EE50BC4F75D205A25BD36FF5

   Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
   --------------------------------------------------------------------
   Certificate:
       Data:
           Version: 3 (0x2)
           Serial Number: 38655612 (0x24dd67c)
       Signature Algorithm: ecdsa-with-SHA256
           Issuer: CN=ROUTER-0000FBF0
           Validity
               Not Before: Jan 1 05:00:00 2017 GMT
               Not After : Jul 1 05:00:00 2018 GMT
           Subject: CN=ROUTER-0000FBF0
           Subject Public Key Info:
               Public Key Algorithm: id-ecPublicKey
                   Public-Key: (256 bit)
                   pub:
                       04:73:91:ba:bb:92:a0:cb:3b:e1:0e:59:b1:9e:bf:
                       fb:21:4e:04:a9:1e:0c:ba:1b:13:9a:7d:38:d9:0f:
                       77:e5:5a:a0:5b:8e:69:56:78:e0:fa:16:90:4b:55:
                       d9:d4:f5:c0:df:c5:88:95:ee:50:bc:4f:75:d2:05:
                       a2:5b:d3:6f:f5
                   ASN1 OID: prime256v1
           X509v3 extensions:
               X509v3 Key Usage:
                   Digital Signature
               X509v3 Subject Key Identifier:
                   AB:4D:91:0F:55:CA:E7:1A:21:5E:
                   F3:CA:FE:3A:CC:45:B5:EE:C1:54
               X509v3 Extended Key Usage:
                   1.3.6.1.5.5.7.3.30
               sbgp-autonomousSysNum: critical
                   Autonomous System Numbers:
                     64496
                   Routing Domain Identifiers:
                     inherit

       Signature Algorithm: ecdsa-with-SHA256
            30:44:02:20:07:b7:b4:6a:5f:a4:f1:cc:68:36:39:03:a4:83:
            ec:7c:80:02:d2:f6:08:9d:46:b2:ec:2a:7b:e6:92:b3:6f:b1:
            02:20:00:91:05:4a:a1:f5:b0:18:9d:27:24:e8:b4:22:fd:d1:
            1c:f0:3d:b1:38:24:5d:64:29:35:28:8d:ee:0c:38:29

   Keys of AS(65536):
   ==================
   ski: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC

   private key:
     x = 6CB2E931B112F24554BCDCAAFD9553A9
         519A9AF33C023B60846A21FC95583172

   public key:
     Ux = 28FC5FE9AFCF5F4CAB3F5F85CB212FC1
          E9D0E0DBEAEE425BD2F0D3175AA0E989
     Uy = EA9B603E38F35FB329DF495641F2BA04
          0F1C3AC6138307F257CBA6B8B588F41F

   Router Key Certificate example using OpenSSL 1.0.1e-fips 11 Feb 2013
   --------------------------------------------------------------------
   Certificate:
       Data:
           Version: 3 (0x2)
           Serial Number: 3752143940 (0xdfa52c44)
       Signature Algorithm: ecdsa-with-SHA256
           Issuer: CN=ROUTER-00010000
           Validity
               Not Before: Jan 1 05:00:00 2017 GMT
               Not After : Jul 1 05:00:00 2018 GMT
           Subject: CN=ROUTER-00010000
           Subject Public Key Info:
               Public Key Algorithm: id-ecPublicKey
                   Public-Key: (256 bit)
                   pub:
                       04:28:fc:5f:e9:af:cf:5f:4c:ab:3f:5f:85:cb:21:
                       2f:c1:e9:d0:e0:db:ea:ee:42:5b:d2:f0:d3:17:5a:
                       a0:e9:89:ea:9b:60:3e:38:f3:5f:b3:29:df:49:56:
                       41:f2:ba:04:0f:1c:3a:c6:13:83:07:f2:57:cb:a6:
                       b8:b5:88:f4:1f
                   ASN1 OID: prime256v1
           X509v3 extensions:
               X509v3 Key Usage:
                   Digital Signature
               X509v3 Subject Key Identifier:
                   47:F2:3B:F1:AB:2F:8A:9D:26:86:
                   4E:BB:D8:DF:27:11:C7:44:06:EC
               X509v3 Extended Key Usage:
                   1.3.6.1.5.5.7.3.30
               sbgp-autonomousSysNum: critical
                   Autonomous System Numbers:
                     65536
                   Routing Domain Identifiers:
                     inherit

       Signature Algorithm: ecdsa-with-SHA256
            30:45:02:21:00:8c:d9:f8:12:96:88:82:74:03:a1:82:82:18:
            c5:31:00:ee:35:38:e8:fa:ae:72:09:fe:98:67:01:78:69:77:
            8c:02:20:5f:ee:3a:bf:10:66:be:28:d3:b3:16:a1:6b:db:66:
            21:99:ed:a6:e4:ad:64:3c:ba:bf:44:fb:cb:b7:50:91:74

A.3.  BGPsec IPv4

   BGPsec IPv4 UPDATE from AS(65536) to AS(65537):
   ===============================================

   Signature from AS(64496) to AS(65536):
   --------------------------------------
   Digest:    21 33 E5 CA A0 26 BE 07 3D 9C 1B 4E FE B9 B9 77
              9F 20 F8 F5 DE 29 FA 98 40 00 9F 60 47 D0 81 54
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 8E 21 F6 0E 44 C6 06 6C
              8B 8A 95 A3 C0 9D 3A D4 37 95 85 A2 D7 28 EE AD
              07 A1 7E D7 AA 05 5E CA

   Signature from AS(65536) to AS(65537):
   --------------------------------------
   Digest:    01 4F 24 DA E2 A5 21 90 B0 80 5C 60 5D B0 63 54
              22 3E 93 BA 41 1D 3D 82 A3 EC 26 36 52 0C 5F 84
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 90 F2 C1 29 AB B2 F3 9B
              6A 07 96 3B D5 55 A8 7A B2 B7 33 3B 7B 91 F1 66
              8F D8 61 8C 83 FA C3 F1

   The human-readable output is produced using bgpsec-io, a BGPsec
   traffic generator that uses a
   Wireshark-like printout.

   Send UPDATE Message
     +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     +--length: 259
     +--type: 2 (UPDATE)
     +--withdrawn_routes_length: 0
     +--total_path_attr_length: 236
        +--ORIGIN: INCOMPLETE (4 bytes)
        |  +--Flags: 0x40 (Well-Known, Transitive, Complete)
        |  +--Type Code: ORIGIN (1)
        |  +--Length: 1 byte
        |  +--Origin: INCOMPLETE (1)
        +--MULTI_EXIT_DISC (7 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MULTI_EXIT_DISC (4)
        |  +--Length: 4 bytes
        |  +--data: 00 00 00 00
        +--MP_REACH_NLRI (16 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MP_REACH_NLRI (14)
        |  +--Length: 13 bytes
        |  +--Address family: IPv4 (1)
        |  +--Subsequent address family identifier: Unicast (1)
        |  +--Next hop network address: (4 bytes)
        |  |  +--Next hop: 198.51.100.100
        |  +--Subnetwork points of attachment: 0
        |  +--Network layer reachability information: (4 bytes)
        |     +--192.0.2.0/24
        |     +--MP Reach NLRI prefix length: 24
        |     +--MP Reach NLRI IPv4 prefix: 192.0.2.0
        +--BGPSEC Path Attribute (209 bytes)
           +--Flags: 0x90 (Optional, Complete, Extended Length)
           +--Type Code: BGPSEC Path Attribute (30)
           +--Length: 205 bytes
           +--Secure Path (14 bytes)
           |  +--Length: 14 bytes
           |  +--Secure Path Segment: (6 bytes)
           |  |  +--pCount: 1
           |  |  +--Flags: 0
           |  |  +--AS number: 65536 (1.0)
           |  +--Secure Path Segment: (6 bytes)
           |     +--pCount: 1
           |     +--Flags: 0
           |     +--AS number: 64496 (0.64496)
           +--Signature Block (191 bytes)
              +--Length: 191 bytes
              +--Algo ID: 1
              +--Signature Segment: (94 bytes)
              |  +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
              |  +--Length: 72 bytes
              |  +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
              |                9CD45E81D69D2C87 7B56AAF991C34D0E
              |                A84EAF3716022100 90F2C129ABB2F39B
              |                6A07963BD555A87A B2B7333B7B91F166
              |                8FD8618C83FAC3F1
              +--Signature Segment: (94 bytes)
                 +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
                 +--Length: 72 bytes
                 +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
                               9CD45E81D69D2C87 7B56AAF991C34D0E
                               A84EAF3716022100 8E21F60E44C6066C
                               8B8A95A3C09D3AD4 379585A2D728EEAD
                               07A17ED7AA055ECA

A.4.  BGPsec IPv6

   BGPsec IPv6 UPDATE from AS(65536) to AS(65537):
   ===============================================

   Signature from AS(64496) to AS(65536):
   --------------------------------------
   Digest:    8A 0C D3 E9 8E 55 10 45 82 1D 80 46 01 D6 55 FC
              52 11 89 DF 4D B0 28 7D 84 AC FC 77 55 6D 06 C7
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 E2 A0 2C 68 FE 53 CB 96
              93 4C 78 1F 5A 14 A2 97 19 79 20 0C 91 56 ED F8
              55 05 8E 80 53 F4 AC D3

   Signature from AS(65536) to AS(65537):
   --------------------------------------
   Digest:    44 49 EC 70 8D EC 5C 85 00 C2 17 8C 72 FE 4C 79
              FF A9 3C 95 31 61 01 2D EE 7E EE 05 46 AF 5F D0
   Signature: 30 46 02 21 00 EF D4 8B 2A AC B6 A8 FD 11 40 DD
              9C D4 5E 81 D6 9D 2C 87 7B 56 AA F9 91 C3 4D 0E
              A8 4E AF 37 16 02 21 00 D1 B9 4F 62 51 04 6D 21
              36 A1 05 B0 F4 72 7C C5 BC D6 74 D9 7D 28 E6 1B
              8F 43 BD DE 91 C3 06 26

   The human-readable output is produced using bgpsec-io, a BGPsec
   traffic generator that uses a Wireshark-like printout.

   Send UPDATE Message
     +--marker: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     +--length: 272
     +--type: 2 (UPDATE)
     +--withdrawn_routes_length: 0
     +--total_path_attr_length: 249
        +--ORIGIN: INCOMPLETE (4 bytes)
        |  +--Flags: 0x40 (Well-Known, Transitive, Complete)
        |  +--Type Code: ORIGIN (1)
        |  +--Length: 1 byte
        |  +--Origin: INCOMPLETE (1)
        +--MULTI_EXIT_DISC (7 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MULTI_EXIT_DISC (4)
        |  +--Length: 4 bytes
        |  +--data: 00 00 00 00
        +--MP_REACH_NLRI (29 bytes)
        |  +--Flags: 0x80 (Optional, Non-transitive, Complete)
        |  +--Type Code: MP_REACH_NLRI (14)
        |  +--Length: 26 bytes
        |  +--Address family: IPv6 (2)
        |  +--Subsequent address family identifier: Unicast (1)
        |  +--Next hop network address: (16 bytes)
        |  |  +--Next hop: 2001:0010:0000:0000:0000:0000:c633:6464
        |  +--Subnetwork points of attachment: 0
        |  +--Network layer reachability information: (5 bytes)
        |     +--2001:db8::/32
        |     +--MP Reach NLRI prefix length: 32
        |     +--MP Reach NLRI IPv6 prefix: 2001:db8::
        +--BGPSEC Path Attribute (209 bytes)
           +--Flags: 0x90 (Optional, Complete, Extended Length)
           +--Type Code: BGPSEC Path Attribute (30)
           +--Length: 205 bytes
           +--Secure Path (14 bytes)
           |  +--Length: 14 bytes
           |  +--Secure Path Segment: (6 bytes)
           |  |  +--pCount: 1
           |  |  +--Flags: 0
           |  |  +--AS number: 65536 (1.0)
           |  +--Secure Path Segment: (6 bytes)
           |     +--pCount: 1
           |     +--Flags: 0
           |     +--AS number: 64496 (0.64496)
           +--Signature Block (191 bytes)
              +--Length: 191 bytes
              +--Algo ID: 1
              +--Signature Segment: (94 bytes)
              |  +--SKI: 47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC
              |  +--Length: 72 bytes
              |  +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
              |                9CD45E81D69D2C87 7B56AAF991C34D0E
              |                A84EAF3716022100 D1B94F6251046D21
              |                36A105B0F4727CC5 BCD674D97D28E61B
              |                8F43BDDE91C30626
              +--Signature Segment: (94 bytes)
                 +--SKI: AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154
                 +--Length: 72 bytes
                 +--Signature: 3046022100EFD48B 2AACB6A8FD1140DD
                               9CD45E81D69D2C87 7B56AAF991C34D0E
                               A84EAF3716022100 E2A02C68FE53CB96
                               934C781F5A14A297 1979200C9156EDF8
                               55058E8053F4ACD3

Acknowledgements

   The authors wish to thank Geoff Huston and George Michaelson for
   producing [RFC7935], which this document is entirely based on.  The
   authors would also like to thank Roque Gagliano, David Mandelberg,
   Tom Petch, Sam Weiler, and Stephen Kent for their reviews and
   comments.  Mehmet Adalier, Kotikalapudi Sriram, and Doug Montgomery
   were instrumental in developing the test vectors found in Appendix A.
   Additionally we want to thank Geoff Huston, author of [RFC5398] from
   where we borrowed wording for Section 2.1 of this document.

Authors' Addresses

   Sean Turner
   sn3rd

   Email: sean@sn3rd.com

   Oliver Borchert
   NIST
   100 Bureau Drive
   Gaithersburg, MD 20899
   United States of America

   Email: oliver.borchert@nist.gov
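
Added example (not part of the draft and not taken from any BGPsec implementation): the Section 2.1 handling rules applied to the Signature_Block layout shown in the Appendix A.3 printout. The Special-Use range follows the Section 7 registry table (0xFB-0xFE), while the Section 2.1 text gives 0xFA as its start; the function names, the action strings and the `experimental_network` switch are assumptions, and the sample attribute reuses the appendix's AS numbers and SKIs with zero-filled signatures.

```python
import struct

SKI_LEN = 20            # Subject Key Identifier octets in a Signature Segment
BGPSEC_PATH_TYPE = 30   # attribute type code shown in the Appendix A.3 printout


def classify_algorithm_id(alg_id):
    """Map a one-octet Algorithm Suite Identifier to its Section 2.1 type."""
    if not 0 <= alg_id <= 0xFF:
        raise ValueError("algorithm ID is a single octet")
    if alg_id in (0x00, 0xFF):
        return "reserved"
    if alg_id == 0x01:
        return "signature"            # ECDSA P-256 with SHA-256
    if 0xFB <= alg_id <= 0xFE:        # range taken from the Section 7 table
        return "special-use"
    return "unassigned"               # 0x02-0xFA in the Section 7 table


def block_action(alg_id, experimental_network=False):
    """Handling that Section 2.1 assigns to a Signature_Block with this ID."""
    kind = classify_algorithm_id(alg_id)
    if kind == "reserved":
        return "malformed"            # whole UPDATE is Malformed [RFC4271]
    if kind == "signature":
        return "validate"
    if kind == "special-use" and experimental_network:
        return "experimental"         # assumption: lab policy decides
    return "unsupported-algorithm"    # RFC 8205, Section 5.2


def parse_bgpsec_path(attr):
    """Return (secure_path, signature_blocks) from one BGPsec_Path attribute."""
    if len(attr) < 4 or attr[1] != BGPSEC_PATH_TYPE:
        raise ValueError("not a BGPsec_Path attribute")
    if attr[0] & 0x10:                # Extended Length flag: 2-octet length
        length = struct.unpack_from("!H", attr, 2)[0]
        off = 4
    else:
        length, off = attr[2], 3
    body = attr[off:off + length]
    if len(body) != length or length < 2:
        raise ValueError("truncated attribute")
    (sp_len,) = struct.unpack_from("!H", body, 0)
    if sp_len < 2 or sp_len > length or (sp_len - 2) % 6:
        raise ValueError("bad Secure_Path length")
    # Each Secure_Path Segment is (pCount, Flags, AS number), 6 octets.
    secure_path = [struct.unpack_from("!BBI", body, p) for p in range(2, sp_len, 6)]
    blocks, pos = [], sp_len
    while pos < length:
        if pos + 3 > length:
            raise ValueError("truncated Signature_Block header")
        blk_len, alg_id = struct.unpack_from("!HB", body, pos)
        end = pos + blk_len
        if blk_len < 3 or end > length:
            raise ValueError("bad Signature_Block length")
        segments, p = [], pos + 3
        while p < end:
            if p + SKI_LEN + 2 > end:
                raise ValueError("truncated Signature Segment")
            (sig_len,) = struct.unpack_from("!H", body, p + SKI_LEN)
            if p + SKI_LEN + 2 + sig_len > end:
                raise ValueError("signature overruns Signature_Block")
            segments.append((body[p:p + SKI_LEN].hex().upper(), sig_len))
            p += SKI_LEN + 2 + sig_len
        blocks.append({"alg_id": alg_id, "segments": segments})
        pos = end
    return secure_path, blocks


def triage(attr, experimental_network=False):
    """Per-block action list; any "malformed" entry condemns the UPDATE."""
    _, blocks = parse_bgpsec_path(attr)
    return [block_action(b["alg_id"], experimental_network) for b in blocks]


# Constructed sample: layout, AS numbers and SKIs follow Appendix A.3; the
# two 72-octet signatures are zero filler, so nothing here verifies.
SKIS = ("47F23BF1AB2F8A9D26864EBBD8DF2711C74406EC",
        "AB4D910F55CAE71A215EF3CAFE3ACC45B5EEC154")


def build_sample_attr(alg_id):
    path = b"".join(struct.pack("!BBI", 1, 0, asn) for asn in (65536, 64496))
    secure_path = struct.pack("!H", 2 + len(path)) + path
    segs = b"".join(bytes.fromhex(s) + struct.pack("!H", 72) + bytes(72) for s in SKIS)
    block = struct.pack("!HB", 3 + len(segs), alg_id) + segs
    body = secure_path + block
    return struct.pack("!BBH", 0x90, BGPSEC_PATH_TYPE, len(body)) + body


if __name__ == "__main__":
    for alg in (0x01, 0x00, 0x42, 0xFC):
        print(hex(alg), classify_algorithm_id(alg), triage(build_sample_attr(alg)))
```

The constructed attribute comes out at 209 octets with a 191-octet Signature_Block, the same sizes the bgpsec-io printout reports.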