A profile for RPKI Signed Groupings of Autonomous System Numbers (ASGroup) Fastly
Amsterdam Netherlands job@fastly.com
Amazon Web Services
Malmskillnadsgatan 36 111 57 Stockholm Sweden fkback@amazon.com
ops sidrops security cryptography X.509 This document defines a Cryptographic Message Syntax (CMS) protected content type for use with the Resource Public Key Infrastructure (RPKI) to carry a general-purpose listing of Autonomous System Numbers (ASNs) and/or pointers to other groupings of ASNs, called an ASGroup. Additionally, the document specifies a mechanism for ASN holders to opt-out of being listed in a given ASGroup. The objective is to offer a RPKI-based successor to plain-text RFC 2622 'as-set' class objects. When validated, an ASGroup confirms that the respective ASN holder produced the ASGroup object.
Introduction This document defines a Cryptographic Message Syntax (CMS) protected content type for a general-purpose listing of Autonomous System Numbers (ASNs) and/or pointers to other groupings of ASNs (an 'ASGroup'), for use with the Resource Public Key Infrastructure (RPKI) . The CMS protected content type is intended to provide for the creation and validation of an RPKI ASGroup, a listing signed by the holder of the private key associated with a particular ASN. RPKI ASGroups are expected to facilitate inter-domain business use cases that depend on an ability to exchange listings of ASNs. Through the use of RPKI ASGroup Opt-Out Listings, resource holders have a degree of control over what Relying Party (RP) implementations emit in relationship to their AS Identifier resources and ASGroups when expanding ASGroups. The objective is to offer a RPKI-based successor to plain-text RFC 2622 'as-set' class objects. The main differences between IRR 'as-set' objects and RPKI ASGroups is the robust cryptographically verifiable authorization and the notion of being able to 'opt-out' of an listing (a feature that in the IRR context is not possible).
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
ASGroup and ASGroup Opt-Out Listing Profile ASGroup and ASGroup Opt-Out Listing objects follow the Signed Object Template for the RPKI .
The Certification Authority (CA) MUST only sign one ASGroup or ASGroup Opt-Out Listing with each EE certificate and MUST generate a new key pair for each new ASGroup or ASGroup Opt-Out Listing. This type of EE certificate is termed a "one-time-use" EE certificate (see ).
A guideline for naming ASGroup and ASGroup Opt-Out objects is that the file name chosen in the repository be a value derived from the public key of the EE certificate. One such method of generating a publication name is described in Section 2.1 of ; convert the 160-bit hash of a EE's public key value into a 27-character string using a modified form of Base64 encoding, with an additional modification as proposed in Section 5, table 2, of .
eContentType
The ASGroup eContentType The eContentType for an ASGroup is defined as id-ct-rpkiSignedGrouping, with Object Identifier (OID) 1.2.840.113549.1.9.16.1.TBD. This OID MUST appear within both the eContentType in the encapContentInfo object and the ContentType signed attribute in the signerInfo object (see ).
The ASGroup Opt-Out Listing eContentType The eContentType for an ASGroup Opt-Out Listing is defined as id-ct-rpkiSignedGroupingOptOut, with Object Identifier (OID) 1.2.840.113549.1.9.16.1.TBD. This OID MUST appear within both the eContentType in the encapContentInfo object and the ContentType signed attribute in the signerInfo object (see ).
eContent
The ASGroup eContent The content of an ASGroup indicates a listing of arbitrary ASNs and pointers to other ASGroups which has been signed with a specific Autonomous System identifier. An ASGroup is formally defined as follows: RpkiSignedGrouping-2022 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) mod(0) id-mod-rpkiSignedGrouping-2022(TBD) } DEFINITIONS EXPLICIT TAGS ::= BEGIN IMPORTS CONTENT-TYPE FROM CryptographicMessageSyntax-2010 -- in [RFC6268] { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } ct-rpkiSignedGrouping CONTENT-TYPE ::= { TYPE RpkiSignedGrouping IDENTIFIED BY id-ct-rpkiSignedGrouping } id-ct-signedChecklist OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) id-smime(16) id-ct(1) TBD } RpkiSignedGrouping ::= SEQUENCE { version [0] INTEGER DEFAULT 0, asID ASID, label GroupingLabel (SIZE(1..100)), referenceable BOOLEAN DEFAULT TRUE, members SEQUENCE (SIZE(0..MAX)) OF ASIdOrGroupingPointer } ASIdOrGroupingPointer ::= CHOICE { id ASID, pointer GroupingPointer } GroupingPointer ::= SEQUENCE { asID ASID, label GroupingLabel (SIZE(1..100)) } ASID ::= INTEGER (1..4294967295) GroupingLabel ::= IA5String (FROM("A".."Z" | "0".."9" | ":" | "_" | "-")) END
Version The version number of the RpkiSignedGrouping MUST be 0.
asID The Autonomous System Number contained here MUST be a subset of the set of resources listed by the EE certificate carried in the CMS certificates field.
label This field contains type GroupingLabel, a IA5String which MUST consist of at least one and no more than a hundred characters chosen from the set A-Z (UPPERCASE ALPHABET), 0-9, - (HYPHEN), _ (UNDERSCORE), or : (COLON). The label field serves as a differentiator to allow a resource holder to produce multiple different ASGroup objects carrying the same ASN in the asID field for different purposes. The value of the label field MUST adhere to the same naming conventions and constraints as hierarchical 'as-set' set names described in Section 5 of ; noting the first component of the set name is the value of the above asID field.
referenceable This field is a BOOLEAN. If the referenceable boolean is set to FALSE, a Relying Party (RP) which encounters a GroupingPointer in an ASGroup which matches the asID and label of this ASGroup MUST ignore the GroupingPointer. If multiple ASGroup objects exist in the RPKI repositories with the same asID and label, but the referenceable boolean set to different values; the TRUE value takes precedence.
members This field contains a SEQUENCE of ASIdOrGroupingPointer CHOICE.
Choice ASIdOrGroupingPointer This field contains a CHOICE of either an ASID or a GroupingPointer.
Element ASID This field contains a INTEGER which is a reference to an Autonomous System Number.
Element GroupingPointer This field contains a SEQUENCE which contains an ASID (a reference to an Autonomous System Number) and a GroupingLabel (a IA5String). The asID value and label in a GroupingPointer SHOULD NOT match the asID and label in the RpkiSignedGrouping; e.g. an ASGroup SHOULD NOT point to itself.
The ASGroup Opt-Out Listing eContent The content of an ASGroup Opt-Out Listing indicates an opt-out listing of arbitrary ASNs and pointers to other ASGroups which has been signed with a specific Autonomous System identifier. The purpose of ASGroup Opt-Out Listings is to provide a means to negate references in ASGroup objects (not under control of the resource holder) towards resources held by the resource holder. An ASGroup Opt-Out Listing is formally defined as follows: RpkiSignedGroupingOptOut-2022 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) mod(0) id-mod-rpkiSignedGroupingOptOut-2022(TBD) } DEFINITIONS EXPLICIT TAGS ::= BEGIN IMPORTS CONTENT-TYPE FROM CryptographicMessageSyntax-2010 -- in [RFC6268] { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } ASID, ASIdOrGroupingPointer, GroupingLabel FROM RpkiSignedGrouping-2022 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) mod(0) id-mod-rpkiSignedGrouping-2022(TBD) } ct-rpkiSignedGroupingOptOut CONTENT-TYPE ::= { TYPE RpkiSignedGrouping IDENTIFIED BY id-ct-rpkiSignedGroupingOptOut } id-ct-signedGroupingOptOut OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) id-smime(16) id-ct(1) TBD } RpkiSignedGroupingOptOut ::= SEQUENCE { version [0] INTEGER DEFAULT 0, asID ASID, label GroupingLabel (SIZE(1..100)) OPTIONAL, optOut SEQUENCE (SIZE(0..MAX)) OF ASIdOrGroupingPointer } END
Version The version number of the RpkiSignedGroupingOptOut MUST be 0.
asID The Autonomous System Number contained here MUST be a subset of the set of resources listed by the EE certificate carried in the CMS certificates field.
label This optional field contains type GroupingLabel, a IA5String which MUST consist of at least one and no more than a hundred characters chosen from the set A-Z (UPPERCASE ALPHABET), 0-9, - (HYPHEN), _ (UNDERSCORE), or : (COLON). If the field is absent, the ASGroup Opt-Out Listing entry is considered to mean that any ASGroup objects referenced in the optOut SEQUENCE containing members entries which reference this object's asID value MUST be negated by the RP. if the field is present, any ASGroup objects matching the an entry in the optOut SEQUENCE containing a GroupingPointer which match this ASGroup Opt-Out Listing's asID and label MUST be negated.
optOut This field is a SEQUENCE of ASIdOrGroupingPointer CHOICE entries from which the resource holder wishes to be excluded when expanding ASGroups.
asID If the ASIdOrGroupingPointer CHOICE contains an INTEGER; the meaning is that any references to this RpkiSignedGroupingOptOut's asID in ASGroups matching the asID specified herein MUST be negated.
GroupingPointer The GroupingPointer is a SEQUENCE of an ASID and GroupingLabel, and providers a more granular opt-out mechanism than the above mentioned opt-out.
ASGroup Validation Before a Relying Party (RP) can expand an ASGroup into a listing of Autonomous System Numbers, the RP MUST first validate all ASGroup Opt-Out Listings to be able to honor opt-Out attestations. To validate an ASGroup or ASGroup Opt-Out Listings, the RP MUST perform all the validation checks specified in . In addition, the RP MUST perform the following validation steps:
  1. The contents of the CMS eContent field MUST conform to all of the constraints described in .
  2. The Autonomous System Identifier Delegation extension MUST be present in the EE certificate contained in the CMS certificates field.
  3. The AS identifier present in the RpkiSignedGrouping eContent 'asID' field respectively RpkiSignedGroupingOptOut eContent 'asID' field MUST be a subset of those present in the certificate extension.
  4. The EE certificate's Autonomous System Identifier Delegation extension MUST NOT contain "inherit" elements.
  5. The IP Address Delegation Extension described in is not used in ASGroup or ASGroup Opt-Out Listings and MUST NOT be present.
A list of Validated ASGroup Listings (VALs) is produced by applying a recursive descent to each ASGroup, noting members which are ASIDs and following GroupingPointers. GroupingPointers which point to an ASGroup which has the 'referenceable' boolean set to false MUST be ignored. Members of an ASGroup which match an ASGroup Opt-Out Listing entry MUST be ignored.
Operational Considerations Multiple ASGroup objects could exist which contain the same asID and label. In such cases the union of members forms the set of members. It is highly RECOMMENDED that a compliant CA maintains a single ASGroup for a given (asID, label) tuple. Multiple ASGroup Opt-Out Listing objects could exist which contain the same asID and label. In such cases the union of optOut entries forms the set of optOut entries. It is highly RECOMMENDED that a compliant CA maintains a single ASGroup Opt-Out Listing for a given (asID, label) tuple. If a CA becomes aware of a match in a valid ASGroup Opt-Out Listing for one of its subordinate ASGroup products; the CA SHOULD remove the offending asID or GroupingPointer from the members of the ASGroup and reissue the object.
Security Considerations RPs are hereby warned that the data in an ASGroup is self-asserted. When determining the meaning of any data contained in an ASGroup, RPs MUST NOT make any assumptions about the signer beyond the fact that it had sufficient control of the issuing CA to create the object. While a one-time-use EE certificate must only be used to generate and sign a single ASGroup object, CAs technically are not restricted from generating and signing multiple different ASGroup objects with a single key pair. Any ASGroup objects sharing the same EE certificate cannot be revoked individually.
IANA Considerations
SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1) IANA is requested to allocated the following in the "SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)" registry:
Decimal Description References
TBD id-ct-rpkiSignedGrouping draft-spaghetti-sidrops-rpki-asgroup
TBD id-ct-rpkiSignedGroupingOptOut draft-spaghetti-sidrops-rpki-asgroup
RPKI Signed Objects IANA is requested to register two OIDs in the "RPKI Signed Objects" registry as follows:
Name OID Reference
Signed ASGroup 1.2.840.113549.1.9.16.1.TBD draft-spaghetti-sidrops-rpki-asgroup
Signed ASGroup Opt-Out Listing 1.2.840.113549.1.9.16.1.TBD draft-spaghetti-sidrops-rpki-asgroup
RPKI Repository Name Schemes IANA is requested to add the Signed ASGroup file extension to the "RPKI Repository Name Schemes" registry as follows:
Filename Extension RPKI Object Reference
.grp Signed ASGroup draft-spaghetti-sidrops-rpki-asgroup
.ool Signed ASGroup Opt-Out Listing draft-spaghetti-sidrops-rpki-asgroup
SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0) IANA is requested to allocate the following in the "SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry:
Decimal Description References
TBD id-mod-rpkiSignedGrouping-2022 draft-spaghetti-sidrops-rpki-asgroup
TBD id-mod-rpkiSignedGroupingOptOut-2022 draft-spaghetti-sidrops-rpki-asgroup
Media Types IANA is requested to register the media types "application/rpki-asgroup" and "application/rpki-asgroupoptout" in the "Media Types" registry as follows:
ASGroup Media Type
Type name:
application
Subtype name:
rpki-asgroup
Required parameters:
N/A
Optional parameters:
N/A
Encoding considerations:
binary
Security considerations:
Carries an RPKI Signed ASGroup. This media type contains no active content. See of draft-spaghetti-sidrops-rpki-asgroup for further information.
Interoperability considerations:
N/A
Published specification:
draft-spaghetti-sidrops-rpki-asgroup
Applications that use this media type:
RPKI operators
Fragment identifier considerations:
N/A
Additional information:

Content:
This media type is a signed object, as defined in [RFC6488], which contains a payload of a list of checksums as defined in draft-spaghetti-sidrops-rpki-asgroup.
Magic number(s):
N/A
File extension(s):
.grp
Macintosh file type code(s):
N/A
Person & email address to contact for further information:
Job Snijders (job@fastly.com)
Intended usage:
COMMON
Restrictions on usage:
N/A
Author:
Job Snijders (job@fastly.com)
Change controller:
IETF
ASGroup Opt-Out Listing Media Type
Type name:
application
Subtype name:
rpki-asgroupoptout
Required parameters:
N/A
Optional parameters:
N/A
Encoding considerations:
binary
Security considerations:
Carries an RPKI Signed ASGroup Opt-out. This media type contains no active content. See of draft-spaghetti-sidrops-rpki-asgroup for further information.
Interoperability considerations:
N/A
Published specification:
draft-spaghetti-sidrops-rpki-asgroup
Applications that use this media type:
RPKI operators
Fragment identifier considerations:
N/A
Additional information:

Content:
This media type is a signed object, as defined in [RFC6488], which contains a payload of an opt-out list as defined in draft-spaghetti-sidrops-rpki-asgroup.
Magic number(s):
N/A
File extension(s):
.ool
Macintosh file type code(s):
N/A
Person & email address to contact for further information:
Job Snijders (job@fastly.com)
Intended usage:
COMMON
Restrictions on usage:
N/A
Author:
Job Snijders (job@fastly.com)
Change controller:
IETF
 References Normative References Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Routing Policy Specification Language (RPSL) RFC Publisher RPSL allows a network operator to be able to specify routing policies at various levels in the Internet hierarchy; for example at the Autonomous System (AS) level. At the same time, policies can be specified with sufficient detail in RPSL so that low level router configurations can be generated from them. RPSL is extensible; new routing protocols and new protocol features can be introduced at any time. [STANDARDS-TRACK] X.509 Extensions for IP Addresses and AS Identifiers This document defines two X.509 v3 certificate extensions. The first binds a list of IP address blocks, or prefixes, to the subject of a certificate. The second binds a list of autonomous system identifiers to the subject of a certificate. These extensions may be used to convey the authorization of the subject to use the IP addresses and autonomous system identifiers contained in the extensions. [STANDARDS-TRACK] Cryptographic Message Syntax (CMS) This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK] A Profile for Resource Certificate Repository Structure This document defines a profile for the structure of the Resource Public Key Infrastructure (RPKI) distributed repository. Each individual repository publication point is a directory that contains files that correspond to X.509/PKIX Resource Certificates, Certificate Revocation Lists and signed objects. This profile defines the object (file) naming scheme, the contents of repository publication points (directories), and a suggested internal structure of a local repository cache that is intended to facilitate synchronization across a distributed collection of repository publication points and to facilitate certification path construction. [STANDARDS-TRACK] A Profile for X.509 PKIX Resource Certificates This document defines a standard profile for X.509 certificates for the purpose of supporting validation of assertions of "right-of-use" of Internet Number Resources (INRs). The certificates issued under this profile are used to convey the issuer's authorization of the subject to be regarded as the current holder of a "right-of-use" of the INRs that are described in the certificate. This document contains the normative specification of Certificate and Certificate Revocation List (CRL) syntax in the Resource Public Key Infrastructure (RPKI). This document also specifies profiles for the format of certificate requests and specifies the Relying Party RPKI certificate path validation procedure. [STANDARDS-TRACK] Signed Object Template for the Resource Public Key Infrastructure (RPKI) This document defines a generic profile for signed objects used in the Resource Public Key Infrastructure (RPKI). These RPKI signed objects make use of Cryptographic Message Syntax (CMS) as a standard encapsulation format. [STANDARDS-TRACK] Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References Internet X.509 Public Key Infrastructure Operational Protocols: Certificate Store Access via HTTP The protocol conventions described in this document satisfy some of the operational requirements of the Internet Public Key Infrastructure (PKI). This document specifies the conventions for using the Hypertext Transfer Protocol (HTTP/HTTPS) as an interface mechanism to obtain certificates and certificate revocation lists (CRLs) from PKI repositories. Additional mechanisms addressing PKIX operational requirements are specified in separate documents. [STANDARDS-TRACK] The Base16, Base32, and Base64 Data Encodings This document describes the commonly used base 64, base 32, and base 16 encoding schemes. It also discusses the use of line-feeds in encoded data, use of padding in encoded data, use of non-alphabet characters in encoded data, use of different encoding alphabets, and canonical encodings. [STANDARDS-TRACK] Additional New ASN.1 Modules for the Cryptographic Message Syntax (CMS) and the Public Key Infrastructure Using X.509 (PKIX) The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates some auxiliary ASN.1 modules to conform to the 2008 version of ASN.1; the 1988 ASN.1 modules remain the normative version. There are no bits- on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes. An Infrastructure to Support Secure Internet Routing This document describes an architecture for an infrastructure to support improved security of Internet routing. The foundation of this architecture is a Resource Public Key Infrastructure (RPKI) that represents the allocation hierarchy of IP address space and Autonomous System (AS) numbers; and a distributed repository system for storing and disseminating the data objects that comprise the RPKI, as well as other signed objects necessary for improved routing security. As an initial application of this architecture, the document describes how a legitimate holder of IP address space can explicitly and verifiably authorize one or more ASes to originate routes to that address space. Such verifiable authorizations could be used, for example, to more securely construct BGP route filters. This document is not an Internet Standards Track specification; it is published for informational purposes.
Acknowledgements The authors wish to thank TBD...
Example payloads
Example ASGroup eContent Payload Below an example of a DER encoded ASGroup eContent is provided with annotation following the '#' character. The example is fairly simple; the resource holder managing AS 16509 produced a ASGroup called "AS16509:AS-AMAZON" (asID + ':' + label), which cannot be referenced by other ASGroups, and which has 2 members: AS 16509 and 'AS16509:AS-CUSTOMERS' (the latter being a GroupingPointer). The 'AS16509:AS-CUSTOMERS' ASGroup object is as following:
Example ASGroup Opt-Out Listing eContent Payload Below an example of a DER encoded ASGroup Opt-Out Listing eContent is provided with annotation following the '#' character. The example is as following: the resource holder managing AS 15562 produced a ASGroup Opt-Out Listing and which has 1 optOut: 'AS16509:AS-CUSTOMERS'. Should ASGroup 'AS16509:AS-CUSTOMERS' (directly or indirectly) contain a reference to AS 15562; a Relying Party should omit 15562 from its output. Based on the above 2 ASGroup payloads and 1 ASGroup Opt-Out Listing payload, a compliant validator would emit 7224, 8987, 14618, 16509, 19047, and 62785 when expanding 'AS16509:AS-AMAZON'.
Implementation status This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in RFC 7942. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to RFC 7942, "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".
  • Example .grp and .ool files were created by Job Snijders with the use of asn1c and OpenSSL.