rfcdiff: draft-ietf-sidr-ghostbusters-05.txt  vs.  draft-ietf-sidr-ghostbusters-06.txt
(text common to both versions is shown once; lines that differ are marked -05: and -06:,
and text present only in the newer draft is marked "-06 adds:")

Network Working Group                                           R. Bush
Internet-Draft                                Internet Initiative Japan
-05: Intended status: Standards Track                     July 10, 2011
-06: Intended status: Standards Track                     July 11, 2011
-05: Expires: January 11, 2012
-06: Expires: January 12, 2012

                      The RPKI Ghostbusters Record
-05:                  draft-ietf-sidr-ghostbusters-05
-06:                  draft-ietf-sidr-ghostbusters-06

Abstract

   In the Resource Public Key Infrastructure (RPKI), resource
   certificates completely obscure names or any other information which
   might be useful for contacting responsible parties to deal with
   issues of certificate expiration, maintenance, roll-overs,
   compromises, etc.  This draft describes the RPKI Ghostbusters Record
   containing human contact information to be signed (indirectly) by a
   resource-owning certificate.  The data in the record are those of a
   severely profiled vCARD.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
-05:   document are to be interpreted as described in RFC 2119 [RFC2119].
-06:   document are to be interpreted as described in [RFC2119].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

-05:   This Internet-Draft will expire on January 11, 2012.
-06:   This Internet-Draft will expire on January 12, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

[skipping to change at page 2, line 22]

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Suggested Reading  . . . . . . . . . . . . . . . . . . . . . .  3
   3.  RPKI Ghostbusters Record Payload Example . . . . . . . . . . .  4
   4.  vCARD Profile  . . . . . . . . . . . . . . . . . . . . . . . .  4
   5.  CMS Packaging  . . . . . . . . . . . . . . . . . . . . . . . .  5
-05:   6.  Validation . . . . . . . . . . . . . . . . . . . . . . . . . .  5
-06:   6.  Validation . . . . . . . . . . . . . . . . . . . . . . . . . .  6
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . .  6
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  6
     8.1.  OID  . . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     8.2.  File Extension . . . . . . . . . . . . . . . . . . . . . .  6
     8.3.  Media Type . . . . . . . . . . . . . . . . . . . . . . . .  7
   9.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . .  7
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     10.1. Normative References . . . . . . . . . . . . . . . . . . .  7
     10.2. Informative References . . . . . . . . . . . . . . . . . .  8
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . .  8

[skipping to change at page 5, line 48]

   Similarly to a ROA, the Ghostbusters Record is verified using an EE
   certificate issued under the CA certificate associated with the
   resource-holding certificate whose maintainer is described in the
   vCARD.

   The EE certificate used to verify the Ghostbusters Record is the one
   that appears in the CMS data structure that contains the payload
   defined above.

-06 adds:
   This EE certificate MUST describe its internet number resources using
   the "inherit" attribute, rather than explicit description of a
   resource set, see [RFC3779].
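The new MUST in -06 pins the Ghostbusters EE certificate to the RFC 3779 "inherit" choice, but the Validation section that follows still only invokes the generic signed-object procedure, so a relying party has to apply this check itself. What follows is an added example, not code from the draft or from any RPKI implementation: it walks the DER of the two RFC 3779 extension values (IPAddrBlocks and ASIdentifiers) with a small hand-written TLV reader and reports whether every address family and every AS choice is "inherit NULL" rather than an explicit resource list. Pulling the extension values out of the certificate is left to the caller; the sample values are constructed by hand, and the requirement that an RPKI certificate carry at least one of the two extensions is taken from the RPKI certificate profile, not from this draft.

```python
# Added example (not code from the draft): verify that an RPKI EE
# certificate's RFC 3779 resource extensions use the "inherit" choice.
# The DER walker is hand-rolled so this runs with no ASN.1 library;
# the sample extension values at the bottom are constructed by hand.

SEQUENCE, OCTET_STRING, NULL = 0x30, 0x04, 0x05
ASNUM, RDI = 0xA0, 0xA1   # [0] asnum / [1] rdi: constructed context tags

def _read_tlv(der: bytes, pos: int):
    """(tag, value, end) of the TLV at pos; 1-byte tags, <=2-byte lengths."""
    if pos + 2 > len(der):
        raise ValueError("truncated DER")
    tag, first = der[pos], der[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes not in (1, 2) or pos + nbytes > len(der):
            raise ValueError("bad DER length")
        length = int.from_bytes(der[pos:pos + nbytes], "big")
        if length < (0x80 if nbytes == 1 else 0x100):
            raise ValueError("non-minimal DER length")   # DER, not BER
        pos += nbytes
    if pos + length > len(der):
        raise ValueError("truncated DER")
    return tag, der[pos:pos + length], pos + length

def _children(value: bytes):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out

def _is_inherit(tag: int, val: bytes) -> bool:
    """CHOICE { inherit NULL, <explicit list> SEQUENCE OF ... }."""
    if tag == NULL and val == b"":
        return True
    if tag == SEQUENCE:
        return False
    raise ValueError("unknown choice alternative")

def ip_addr_blocks_inherit_only(ext: bytes) -> bool:
    """IPAddrBlocks ::= SEQUENCE OF IPAddressFamily (RFC 3779, 2.2.3)."""
    tag, body, end = _read_tlv(ext, 0)
    if tag != SEQUENCE or end != len(ext):
        raise ValueError("IPAddrBlocks must be one SEQUENCE")
    families = _children(body)
    if not families:
        raise ValueError("IPAddrBlocks needs at least one family")
    inherit = True
    for ftag, fbody in families:
        parts = _children(fbody) if ftag == SEQUENCE else []
        # addressFamily is a 2- or 3-octet OCTET STRING (AFI [+ SAFI])
        if len(parts) != 2 or parts[0][0] != OCTET_STRING or len(parts[0][1]) not in (2, 3):
            raise ValueError("malformed IPAddressFamily")
        inherit &= _is_inherit(*parts[1])
    return inherit

def as_identifiers_inherit_only(ext: bytes) -> bool:
    """ASIdentifiers ::= SEQUENCE { asnum [0] ..., rdi [1] ... } (RFC 3779, 3.2.3)."""
    tag, body, end = _read_tlv(ext, 0)
    if tag != SEQUENCE or end != len(ext):
        raise ValueError("ASIdentifiers must be one SEQUENCE")
    parts = _children(body)
    if not parts:
        raise ValueError("ASIdentifiers needs asnum or rdi")
    inherit = True
    for ctag, cbody in parts:
        inner = _children(cbody) if ctag in (ASNUM, RDI) else []
        if len(inner) != 1:
            raise ValueError("malformed ASIdentifierChoice")
        inherit &= _is_inherit(*inner[0])
    return inherit

def ee_cert_resources_ok(ip_ext, as_ext) -> bool:
    """Ghostbusters EE rule: every RFC 3779 extension present must be inherit.
    Demanding at least one extension is the RPKI certificate profile's rule,
    assumed here rather than taken from this draft."""
    if ip_ext is None and as_ext is None:
        return False
    if ip_ext is not None and not ip_addr_blocks_inherit_only(ip_ext):
        return False
    if as_ext is not None and not as_identifiers_inherit_only(as_ext):
        return False
    return True

# Constructed sample extnValue contents (bytes.fromhex ignores the spaces):
IP_INHERIT = bytes.fromhex("3010 3006 0402 0001 0500 3006 0402 0002 0500")  # v4+v6 inherit
IP_EXPLICIT = bytes.fromhex("300e 300c 0402 0001 3006 0304 000a0000")       # 10.0.0.0/24 listed
AS_INHERIT = bytes.fromhex("3004 a002 0500")                                # asnum inherit
AS_EXPLICIT = bytes.fromhex("3009 a007 3005 0203 00fbf0")                   # AS64496 listed

if __name__ == "__main__":
    print("inherit EE:", ee_cert_resources_ok(IP_INHERIT, AS_INHERIT))    # True
    print("explicit AS:", ee_cert_resources_ok(IP_INHERIT, AS_EXPLICIT))  # False
```

The check deliberately raises on anything that is neither NULL nor SEQUENCE in the choice position, rather than treating it as "not inherit": a malformed RFC 3779 extension should fail validation loudly, not be silently classified. Because the checker returns False rather than raising for an explicit resource list, the caller can distinguish "well-formed but violates the Ghostbusters MUST" from "unparseable".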
6.  Validation

   The validation procedure defined in Section 3 of
   [I-D.ietf-sidr-signed-object] is applied to a Ghostbusters Record.
   After this procedure has been performed, the Version number type
   within the payload is checked, and the OCTET STRING containing the
   vCARD data is extracted.  These data are checked against the profile
   defined in Section 4 of this document.  Only if all of these checks
   pass is the Ghostbusters payload deemed valid and made available to
   the application that requested the payload.

7.  Security Considerations

-05: [skipping to change at page 7, line 32]
-06: [skipping to change at page 7, line 36]

   File extension(s): .gbr

   Macintosh File Type Code(s):

   Person & email address to contact for further information:
      Randy Bush <randy@psg.com>

   Intended usage: COMMON

   Author/Change controller: Randy Bush <randy@psg.com>

9.  Acknowledgments

-05:   The author wishes to thank Russ Housley, the authors of
-05:   [I-D.ietf-sidr-repos-struct], Stephen Kent, Sandy Murphy, and Michael
-05:   Elkins for their contributions.
-06:   The author wishes to thank Russ Housley, the authors of
-06:   [I-D.ietf-sidr-repos-struct], Stephen Kent, Sandy Murphy, Rob
-06:   Austein, and Michael Elkins for their contributions.

10.  References

10.1.  Normative References

   [I-D.ietf-sidr-repos-struct]
              Huston, G., Loomans, R., and G. Michaelson, "A Profile for
              Resource Certificate Repository Structure",
              draft-ietf-sidr-repos-struct-08 (work in progress),
              June 2011.

-05: [skipping to change at page 8, line 13]
-06: [skipping to change at page 8, line 16]

              May 2011.

   [I-D.ietf-vcarddav-vcardrev]
              Perreault, S., "vCard Format Specification",
              draft-ietf-vcarddav-vcardrev-22 (work in progress),
              May 2011.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

-06 adds:
   [RFC3779]  Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP
              Addresses and AS Identifiers", RFC 3779, June 2004.

10.2.  Informative References

   [I-D.ietf-sidr-arch]
              Lepinski, M. and S. Kent, "An Infrastructure to Support
              Secure Internet Routing", draft-ietf-sidr-arch-13 (work in
              progress), May 2011.

   [I-D.ietf-sidr-cp]
              Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate
              Policy (CP) for the Resource PKI (RPKI)",

End of changes: 9 change blocks; 9 lines changed or deleted, 15 lines changed or added.
This html diff was produced by rfcdiff 1.41.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/