resource transfer protocol and transfer authorization
TRANSCRIPT
![Page 1: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/1.jpg)
1
Resource Transfer Protocol and Transfer Authorization Object (TAO)
Author: Edric Barnes <[email protected]>Presenter: David Mandelberg <[email protected]>
draft-barnes-sidr-tao-00IETF 89
![Page 2: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/2.jpg)
2
Background
● Geoff Huston pointed out that transferring resources is somewhat complicated
● Steve Kent suggested a way to automate resource transfers without modifying RFC3779 semantics
● Edric Barnes fleshed out Steve's idea: draft-barnes-sidr-tao-00
![Page 3: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/3.jpg)
3
Context
● This is not a replacement for the procedural activities associated with INR transfer
● It is a way to help automate RPKI repository maintenance
● It makes use of two new message types based on the up/down protocol (RFC 6492), and a new CMS signed object
![Page 4: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/4.jpg)
4
Terminology: Actors
● Source: CA that wants to transfer INRs● Recipient: CA that wants to receive INRs from the
source● Swing point: lowest common ancestor of the source
and recipient● Source path: source, and all its ancestors up to and
including the swing point● Recipient path: recipient, and all its ancestors up to
and including the swing point
![Page 5: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/5.jpg)
5
Terminology: Transfer Types
● Live: INRs are in use during the transfer, so the source and recipient must simultaneously hold the INRs for an overlap period
● Unused: no overlap period is required
![Page 6: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/6.jpg)
6
High-level Overview
1. Source publishes a Transfer Authorization Object (TAO) and informs the recipient
2. Source and recipient independently pursue transfer by each sending transfer_request messages to their own ancestors, recursively
3. Swing point receives transfer_requests from both paths and transfers the resources.– Swing point issues a certificate with the transferred INRs down the recipient path
– CAs between the swing point and the recipient do the same
– CAs between the swing point and the source relay success and, for a live INR transfer, await the end of the transfer period to remove the INRs from the source path
● Note: any CA along the path can reject the transfer.
![Page 7: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/7.jpg)
7
Protocol Requirements
● Swing point exists● Source and recipient don't re-key during transfer● Source has not sub-delegated the resources being
transferred● Recipient already has a CA certificate● Source is not an ancestor of recipient, or vice versa
(already covered by existing procedures)
![Page 8: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/8.jpg)
8
Scenario
Alice (swing point)
Bob Carol
Dave (source)
recipient pathsour
ce p
ath
Eve (recipient)
![Page 9: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/9.jpg)
9
TAO
● A TAO is a CMS signed object conforming to RFC 6488● The eContent is ASN.1 with the following fields:
– transferFromSKI: SKI of the source
– transferToSKI: SKI of the recipient
– ipAddrBlocks, asIdentifiers: INRs to transfer– liveXfer: TRUE for a live INR transfer, FALSE for an unused INR transfer– overlapPeriod: minimum number of seconds that the source and recipient
must both hold the INRs (live INR transfer only). If the recipient does not receive the INRs before the TAO's notAfter minus the overlapPeriod, the transfer is canceled.
![Page 10: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/10.jpg)
10
Unused INR Transfer Example: Start
TAO:transferFromSKI: <Dave's SKI>
transferToSKI: <Eve's SKI>ipAddrBlocks: <IPs to transfer>asIdentifiers: <ASes to transfer>
liveXfer: FALSE
Alice (swing point)
Bob Carol
Dave (source) Eve (recipient)
![Page 11: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/11.jpg)
11
Unused INR Transfer Example: Simultaneous transfer_requests
1a. Up: transfer_request2a. Down: new cert with transferred INRs removed
3a. Up: transfer_request4a. Down: new cert with transferred INRs removed
2b. Up: transfer_request
Alice (swing point)
Bob Carol
Dave (source) Eve (recipient)
TAO
1b. Up: transfer_request
![Page 12: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/12.jpg)
12
Unused INR Transfer Example: Recipient receives INRs
1. Down: new cert with transferred INRs added
Alice (swing point)
Bob Carol
Dave (source) Eve (recipient)
TAO
2. Down: new cert with transferred INRs added
We're done!
![Page 13: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/13.jpg)
13
Live INR Transfer Example: Start
TAO:transferFromSKI: <Dave's SKI>
transferToSKI: <Eve's SKI>ipAddrBlocks: <IPs to transfer>asIdentifiers: <ASes to transfer>
liveXfer: TRUEoverlapPeriod: <number of seconds>
Alice (swing point)
Bob Carol
Dave (source) Eve (recipient)
![Page 14: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/14.jpg)
14
Live INR Transfer Example: Simultaneous transfer_requests
1a. Up: transfer_request
2a. Up: transfer_request 2b. Up: transfer_request
Alice (swing point)
Bob Carol
Dave (source) Eve (recipient)
TAO
1b. Up: transfer_request
![Page 15: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/15.jpg)
15
Live INR Transfer Example: Recipient receives INRs (before TAO's notAfter - overlapPeriod)
1. Down: new cert with transferred INRs added
Alice (swing point)
Bob Carol
Dave (source) Eve (recipient)
TAO
2. Down: new cert with transferred INRs added
![Page 16: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/16.jpg)
16
Live INR Transfer Example: Source relinquishes INRs (after TAO
expires)Alice (swing point)
Bob Carol
Dave (source) Eve (recipient)
TAO
1a. Up: transfer_request2a. Down: new cert with transferred INRs removed
3a. Up: transfer_request4a. Down: new cert with transferred INRs removed
![Page 17: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/17.jpg)
17
Recap
● Unused INR transfer:– Source path relinquishes INRs while recipient path pass
transfer_requests up the path
– Swing point receives two transfer_requests, and passes the INRs down the recipient path
● Live INR transfer:– Source and recipient paths both send transfer_requests up the paths
– Swing point receives two transfer_requests, and passes the INRs down the recipient path
– Source waits for the TAO to expire, then the source initiates relinquishment of the INRs
![Page 18: Resource Transfer Protocol and Transfer Authorization](https://reader030.vdocuments.net/reader030/viewer/2022032515/6236070b27a3fe52bd582dcc/html5/thumbnails/18.jpg)
18
Questions?