Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston )

Published byDamon Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston )"— Presentation transcript:

1 Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston )

2 Key Rollover Document New doc: draft-huston-sidr-aao-profile-0- keyroll-00.txt Formerly a (non-normative) section of the resource profile, now expanded with more details Target is a standards track RFC from SIDR The document describes – what CAs have to do to effect key rollover – what RPs can expect during key rollover 2

3 Relation to Repository Structure Rekey design relies on some conventions in draft-ietf-sidr- repos-struct-04.txt – The file name for a CA certificate is derived from the public key in that certificate – The file name for a CRL is derived from public key of the CA that issued the CRL – The file name for a manifest is derived from the public key of the CA that issued the manifest – The file name for an EE certificate is derived from the public key in that certificate – These conventions are important as they determine which files are overwritten and which persist, during rekey RPs also need the CA to use a read lock on a directory (publication point) while contents are being changed 3

4 Relation to Resource Certificate Profile Rekey relies on the AIA extension in a certificate pointing to the parent certificate and CRL files (vs. to the directory in which these files are stored) Use of the 3 character file suffixes (for certificates, CRLs, ROAs, and manifests) probably makes life easier for RPs in all cases Other?? 4

5 Key Rollover Example 5 CA X Pub Point CA Y Pub Point CA Z Pub Point CA Y Cert CA Y CRL CA Z Cert CA Z CRL CA Z Manifest CA Y Manifest CA Y ROA 1 CA Z ROA 1 CA Y is rekeying CA X CRL CA X Manifest CA Y ROA 2 CA Z ROA 2 CA x ROA 1 CA x ROA 2

6 CA Key Rollover States Current – the active CA used to issue certificates New – the CA being created, not yet issuing certificates not yet used for validation Pending – CA is reissuing certificates from Current CA, but is not yet accepting new certificate requests (no revocation requests accepted?) Old – CA does not accept certificate requests, but does continue to issue CRLs for certificates issued under its key, and generates new manifests (and, hence EE certificates for these manifests), until the old CA certificate is revoked (a short interval) (These states are internal to the rekeying CA) 6

7 Key Rollover Steps 1-4 1. The CA that is rekeying generates a NEW key pair 2. It then generates a certificate request with the NEW key pair and passes the request to the its parent CA 3. The parent CA generates a new name for the CA that is rekeying, signs the certificate and publishes it 4. The "Staging Period” begins (duration is selected by the CA that is rekeying). The period MUST be no less than 24 hours. This interval is intended to allow all RPs to acquire the CA certificate with the new key before any new subordinate certificates are published (the new CA might also publish a CRL during this interval, with no entries, and with a next issue date after the interval ends) 7

8 Key Rollover Steps 5 & 6 5. Upon expiration of the Staging Period, the rekeying CA suspends the processing of certificate issuance requests (and revocation requests??). Mark the CURRENT CA as OLD and the NEW CA as PENDING. Halt the operation of the OLD CA for all operations except the issuance of CRLs and EE certificates for manifests. (What about emergency rekey requests during this period, e.g., if it is longer than 1 day?) 6. Use the PENDING CA to generate new certificates for all existing subordinate CA and (multi-use?) EE certificates, and publish them in the same repository publication point and with the same file names as the previous OLD subordinate CA and EE certificates (thus over-writing). The keys in these reissued certificates MUST NOT change. 8

9 Key Rollover Step 7 7. Each signed object (other than manifests) that includes an OLD CA-issued EE certificate in its signed data (e.g., a ROA) will need to be re-signed using an EE certificate issued by the PENDING CA. For a "single use” EE certificate, if the associated private key has been destroyed, this requires generating a new key pair, re-issuing the EE certificate under the PENDING CA, and signing the data by the newly generated private key. For a "multi-use" EE certificate, the EE certificate is re-issued using the PENDING CA. The object will be signed with the associated private key, and published in the same repository publication point, using the same file name as the previously signed object that it replaces. 9

10 Key Rollover Steps 8-11 8. Use the OLD CA to issue a manifest that lists only the OLD CA's CRL, and use the PENDING CA to issue a manifest that lists all CA and EE certificates and the new CRL issued by the PENDING CA. 9.Mark the PENDING CA as CURRENT and resume processing (CA) certificate issuance requests 10. Generate a certificate revocation request for the OLD CA certificate and pass it to the parent of the CA that is rekeying (what triggers this, e.g., expiration of last certificate issued under the old CA? ) 11. Wait for the OLD CA certificate to be revoked then remove the OLD CA's CRL and manifest and destroy the OLD CA’s private key. 10

11 Example: After Rollover 11 CA X Pub Point CA Y Pub Point CA Y Cert CA Z Cert CA Y Manifest CA Y ROA 1 Old cert, old key CA X CRL CA X Manifest CA Y ROA 2 CA x ROA 1 CA x ROA 2 New cert, same public key New EE certs and keys New CRL, under new key CA Y CRL CA Y Manifest Old CRL, under old key New manifest, under new key Old manifest, under old key CA Y CRL CA Y Cert New key, new cert

12 Example: Rollover Really Complete! 12 CA X Pub Point CA Y Pub Point CA Y Cert CA Z Cert CA Y Manifest CA Y ROA 1 CA X CRL CA X Manifest CA Y ROA 2 CA x ROA 1 CA x ROA 2 New cert, same public key New EE certs and keys New CRL, under new key CA Y CRL New manifest, under new key New key, new cert

13 Relying Parties The key rollover designs assumes that each RP will sync its local cache within 24 hours or less This requirement is tied to the staging period for the key rollover, which is set to no less than 24 hours The period allows all RPs to acquire the NEW CA certificate, so that when the CA that is rekeying issues NEW subordinate CA certificates, ROAs, etc., all RPs will be able to validate them During the staging period RPs will acquire and validate the OLD products signed by the CA that is rekeying, because the OLD CA certificate is still available, and no new products have yet been published The repository system relies on locking during the interval when a CA publishes new certificates, CRLs, and ROAs, so that the manifest associated with a set of signed objects is consistent 13

14 Comments Note that this is a brand new document, and thus needs review and comments from the WG I noted a few issues that need to be addressed in the course of this presentation (in red) The biggest question, from my perspective, is whether we should try to adopt a common model for key rollover and algorithm transition (see Roque’s presentation) 14

Download ppt "Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston )"

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.

Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.

Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.
RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.

1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
RPKI Validation - Revisited draft-huston-rpki-validation-01.txt Geoff Huston George Michaelson APNIC Slide 1/19.

RPKI Validation - Revisited draft-huston-rpki-validation-01.txt Geoff Huston George Michaelson APNIC Slide 1/19.
RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.

RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Local TA Management In prior WG meetings I presented a model for local management of trust anchors for the RPKI In response to these presentations, a.

Local TA Management In prior WG meetings I presented a model for local management of trust anchors for the RPKI In response to these presentations, a.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

Similar presentations

Ads by Google