Presentation is loading. Please wait.

Presentation is loading. Please wait.

Resource Certificate Provisioning Protocol Geoff Huston IETF 70 December 2007.

Published byAllison Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "Resource Certificate Provisioning Protocol Geoff Huston IETF 70 December 2007."— Presentation transcript:

1 Resource Certificate Provisioning Protocol Geoff Huston IETF 70 December 2007

2 Problem Statement How to automate the process of certificate issuance such that the issued certificate accurately tracks the current resource allocation status Avoid situations where the issued certificate “overclaims” resources The issued certificate “underclaims” resources

3 Scenario Certificate Issuer Internet Registry Certificate Subject Resource Holder Allocates / Assigns Addresses Issues Resource Certificates

4 Scenario Certificate Issuer Internet Registry Certificate Subject Resource Holder Allocates / Assigns Addresses Issues Resource Certificates Resource Certificate Provisioning Protocol

5 Protocol Characteristics Simple Client / Server protocol using a request / response interaction over a secure reliable channel Client Server HTTPS POST HTTPS RESPONSE

6 Protocol Payload Cryptographic Message Syntax (CMS) SignedData object type Include Signing Time in the CMS wrapper Include CMS signing cert in the CMS wrapper XML Data Objects Carried as CMS payload

7 XML Message Structure <message xmlns="http://www.apnic.net/specs/rescerts/up-down/" version="1" sender="sender name" recipient = "recipient name" type="message type"> [payload]

8 Messages Query Issue Revoke

9 Query Message Request: type=“list” Response: List of Resource “classes” List of allocated / assigned Number Resources within this class Issued certificate(s) for this class

10 Issue Message Request: type=“issue” Payload: Resource “class” name PKCS#10 Certificate Request Response: Payload: Issued certificate

11 Revoke Message Request: type=“revoke” Payload: Resource “class” name Subject’s public key Response: Payload: confirmation of revocation

12 Error Responses Error status returned when the request could not be performed

13 Protocol Specification Current (unsubmitted) draft is: http://www.potaroo.net/drafts/draft-ietf-sidr-rescerts- provisioning-00.html

14 Next Steps Adoption of the specification of this provisioning protocol as a SIDR WG Document?

Download ppt "Resource Certificate Provisioning Protocol Geoff Huston IETF 70 December 2007."

Similar presentations

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.

STUN Open Issues Jonathan Rosenberg dynamicsoft. Changes since -00 Answered UNSAF considerations –Still awaiting response from Leslie on whether they.
Proxy Certificate Profile Douglas E. Engert Argonne National Laboratory 12/14/2001 COPYRIGHT STATUS: Documents authored by Argonne National.

Proxy Certificate Profile Douglas E. Engert Argonne National Laboratory 12/14/2001 COPYRIGHT STATUS: Documents authored by Argonne National.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70.
The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,
RPKI and Routing Security ICANN 44 June 2012. Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.

RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.

Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.

Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Similar presentations

Ads by Google