[routing-wg] request for feedback: a RPKI Certificate Transparency project?
Ben Maddison
benm at workonline.africa
Fri Sep 10 13:11:46 CEST 2021
Hi Tim,

On 09/10, Tim Bruijnzeels wrote:
>
>
> > On 10 Sep 2021, at 11:57, Job Snijders <job at fastly.com> wrote:
> >
> > On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote:
> >> I think all would agree that transparency is good.
> >>
> >> A key difference between RPKI and most other PKIs is that in the RPKI
> >> all objects are published in the open for all to see.
> >
> > Small nitpick: all objects are SUPPOSED to be published, in the open,
> > for all to see. However it is important to keep in mind we cannot assume
> > all objects were published in a way for all to see.
> >
> >> As you mentioned your RPKI validator may miss intermediate state
> >> changes if it retrieves objects using rsync, but the RRDP protocol
> >> supports deltas, see [1].
> >>
> >> I believe that transparency can most easily be achieved by ensuring
> >> that these deltas are preserved, and that they cannot be modified.
> >
> > RRDP is an unauthenticated and unsigned protocol. It is possible for a
> > Publication Point to present different RRDP deltas to one RP compared to
> > what they present to another RP. Archiving RRDP deltas is interesting,
> > but IMHO happens too late in the pipeline for TA/CA audit purposes.
> >
> > RRDP is not a replacement for Certificate Transparency, both
> > technologies solve different problems.
>
> I did not say that it was.
>
> I just suggested that *in the context of RPKI* RRDP can be used as a basis
> to keep track of all historic public changes.
>

Archiving the RRDP deltas can certainly provide information as to what
was observed at the publication points, but the security of the RPKI
system lives at the object-signing layer, and so an audit log needs to
capture activity at that layer: issuance actions by the CA.

Comparing a CT log to an RRDP delta archive could certainly be useful in
many cases, but that's exactly because they say things about different
parts of the infrastructure.

Cheers,

Ben
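
The concern quoted above, that a publication point can present different RRDP deltas to different RPs, can be checked for at the publication layer by comparing the notification files fetched from two vantage points. This is an added example, not code from the thread; the sample documents, session_id, host name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.ripe.net/rpki/rrdp}"  # RRDP namespace from RFC 8182

def parse_notification(xml_text):
    """Return (session_id, serial, {delta_serial: hash}) for one notification file."""
    root = ET.fromstring(xml_text)  # for live, untrusted feeds use a hardened XML parser
    deltas = {int(d.get("serial")): d.get("hash").lower()
              for d in root.findall(NS + "delta")}
    return root.get("session_id"), int(root.get("serial")), deltas

def compare_views(view_a, view_b):
    """List inconsistencies between two vantage points' notification files."""
    sid_a, _, deltas_a = parse_notification(view_a)
    sid_b, _, deltas_b = parse_notification(view_b)
    if sid_a != sid_b:
        # May be a legitimate session reset between fetches; re-fetch to confirm.
        return [("session_mismatch", sid_a, sid_b)]
    # Differing current serials are normal (fetch timing). The same session and
    # delta serial advertised with two different hashes is not.
    return [("delta_hash_mismatch", s, deltas_a[s], deltas_b[s])
            for s in sorted(deltas_a.keys() & deltas_b.keys())
            if deltas_a[s] != deltas_b[s]]

# --- Constructed sample input (placeholder host, made-up session_id and hashes) ---
SESSION = "9df4b597-af9e-4dca-bdda-719cce2c4e28"
ZERO = "0" * 64

def _sample(serial, deltas):
    body = "".join(
        f'<delta serial="{s}" uri="https://rrdp.example.net/{s}/delta.xml" hash="{h}"/>'
        for s, h in deltas)
    return (f'<notification xmlns="http://www.ripe.net/rpki/rrdp" version="1" '
            f'session_id="{SESSION}" serial="{serial}">'
            f'<snapshot uri="https://rrdp.example.net/{serial}/snapshot.xml" hash="{ZERO}"/>'
            f'{body}</notification>')

VIEW_A = _sample(3, [(2, "a" * 64), (3, "b" * 64)])  # as fetched by vantage point A
VIEW_B = _sample(3, [(2, "a" * 64), (3, "c" * 64)])  # as fetched by vantage point B

if __name__ == "__main__":
    for finding in compare_views(VIEW_A, VIEW_B):
        print(finding)
```

A clean result only describes what the publication point served to those two vantage points; it records nothing about issuance actions by the CA, which is the layer the message says an audit log has to capture.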