From c8ae30d4af8ba490c2b524b69e6e0622c59fad7c Mon Sep 17 00:00:00 2001 From: ID Bot Date: Fri, 18 Oct 2024 12:10:38 +0000 Subject: [PATCH] Script updating gh-pages from 180b7b5. [ci skip] --- draft-dekater-scion-pki.html | 82 ++++++++++++++------------ draft-dekater-scion-pki.txt | 108 ++++++++++++++++++----------------- index.html | 4 +- 3 files changed, 104 insertions(+), 90 deletions(-) diff --git a/draft-dekater-scion-pki.html b/draft-dekater-scion-pki.html index e4e03db..0e412fa 100644 --- a/draft-dekater-scion-pki.html +++ b/draft-dekater-scion-pki.html @@ -1031,7 +1031,7 @@ de Kater, et al. -Expires 19 April 2025 +Expires 21 April 2025 [Page] @@ -1044,12 +1044,12 @@
draft-dekater-scion-pki-latest
Published:
- +
Intended Status:
Informational
Expires:
-
+
Authors:
@@ -1103,7 +1103,7 @@

time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

- This Internet-Draft will expire on 19 April 2025.

+ This Internet-Draft will expire on 21 April 2025.

@@ -2093,7 +2078,7 @@

2.2.2. Extensions

-

[RFC5280], section 4.2.1, defines the syntax of the Extensions sequence in a X.509 certificate. Descriptions of each standard certificate extension can be found in [RFC5280], section 4.2.1. The corresponding clauses in X509 (10/2016) are clause 7.2 and clause 9, respectively.

+

[RFC5280], section 4.2.1, defines the syntax of the Extensions sequence in a X.509 certificate. Descriptions of each standard certificate extension can be found in [RFC5280], section 4.2.1. The corresponding clauses in [X.509] are clause 7.2 and clause 9, respectively.

Currently, the following extensions are relevant for SCION:

[RFC9217]
-
+
Trammell, B., "Current Open Questions in Path-Aware Networking", RFC 9217, DOI 10.17487/RFC9217, , <https://www.rfc-editor.org/rfc/rfc9217>.
+
[X.509]
+
+"ITU-T X.509 (10/2016) | Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks", , <https://handle.itu.int/11.1002/1000/13031>.
+
+
[X.680]
+
+"ITU-T X.680 (02/2021) | Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation", , <https://handle.itu.int/11.1002/1000/14468>.
+
+
[X.690]
+
+"ITU-T X.690 (02/2021) | Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", , <https://handle.itu.int/11.1002/1000/14472>.
+
+
[X9.62]
+
+"ANSI X9.62-1998 | Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm", .
+
@@ -3630,6 +3631,10 @@

de Kater, C., Rustignoli, N., and A. Perrig, "SCION Overview", Work in Progress, Internet-Draft, draft-dekater-panrg-scion-overview-06, , <https://datatracker.ietf.org/doc/html/draft-dekater-panrg-scion-overview-06>.
+
[ISD-AS-assignments]
+
+"SCION ISD and AS Assignments", , <https://docs.anapaya.net/en/latest/resources/isd-as-assignments/>.
+
[RFC5398]
Huston, G., "Autonomous System (AS) Number Reservation for Documentation Use", RFC 5398, DOI 10.17487/RFC5398, , <https://www.rfc-editor.org/rfc/rfc5398>.
@@ -3922,6 +3927,9 @@

  • General text editing

    +
  • +
  • +

    References: fixed ITU, ANSI, Assigned ISD-AS, fixed cross-reference to text formatting in the CP draft

  • diff --git a/draft-dekater-scion-pki.txt b/draft-dekater-scion-pki.txt index d0b01eb..c20667a 100644 --- a/draft-dekater-scion-pki.txt +++ b/draft-dekater-scion-pki.txt @@ -5,9 +5,9 @@ Network Working Group C. de Kater Internet-Draft N. Rustignoli Intended status: Informational SCION Association -Expires: 19 April 2025 S. Hitz +Expires: 21 April 2025 S. Hitz Anapaya Systems - 16 October 2024 + 18 October 2024 SCION Control Plane PKI @@ -56,7 +56,7 @@ Status of This Memo time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 19 April 2025. + This Internet-Draft will expire on 21 April 2025. Copyright Notice @@ -847,8 +847,7 @@ Table of Contents The described fields of the Control Plane PKI certificates are relevant for each certificate regardless of the certificate type. For detailed descriptions of the full generic format of X.509 v3 - certificates, see [RFC5280] and X509 - (https://handle.itu.int/11.1002/1000/13031), clause 7.2. + certificates, see [RFC5280] and [X.509] clause 7.2. TBSCertificate sequence: Contains information associated with the subject of the certificate and the CA that issued it. It includes @@ -934,8 +933,7 @@ Table of Contents For security reasons, SCION uses a custom list of acceptable signature algorithms which is specified in the signature field. The list currently only contains the ECDSA signature algorithm (defined - in X962 (https://webstore.ansi.org/standards/ascx9/ansix9621998)) - although this may be extended in future. + in [X9.62]) although this may be extended in future. The Object Identifiers (OIDs) for ECDSA are defined as ecdsa-with- SHA256, ecdsa-with-SHA384, and ecdsa-with-SHA512 in [RFC5758]. 
@@ -990,24 +988,13 @@ Table of Contents source implementation is the IANA Private Enterprise Number '55324': id-scion ::= OBJECT IDENTIFIER {1 3 6 1 4 1 55324} - The following points apply when setting the attribute value of the - ISD-AS number attribute: - - * The string representation MUST follow the canonical formatting - defined in ISD and AS numbering - (https://github.com/scionproto/scion/wiki/ISD-and-AS-numbering). - - * The canonical string representation uses a dash separator between - the ISD and AS numbers. - - * The ISD numbers are formatted as decimal. - - * The canonical string formatting of AS numbers in the BGP AS range - (0, 2^(32-1)) is the decimal form. Larger AS numbers, i.e., from - 2^32 to 2^(48-1), use a 16-bit, colon-separated, lower-case, hex - encoding with leading zeros omitted: 1:0:0 to ffff:ffff:ffff. - - *Example:* AS ff00:0:110 in ISD 1 is formatted as 1-ff00:0:110. + The string representation of the ISD-AS number attribute MUST follow + the text representation defined in [I-D.dekater-scion-controlplane], + section "Text Representation". The canonical string formatting of AS + numbers in the AS range (0, 2^(32-1)) MUST use the decimal form. + Larger AS numbers, i.e., from 2^32 to 2^(48-1), MUST use a 16-bit, + colon-separated, lower-case, hex encoding with leading zeros omitted: + 1:0:0 to ffff:ffff:ffff. The ISD-AS number attribute MUST be present exactly once in the distinguished name of the certificate issuer or owner, specified in @@ -1024,9 +1011,8 @@ Table of Contents [RFC5280], section 4.2.1, defines the syntax of the Extensions sequence in a X.509 certificate. Descriptions of each standard certificate extension can be found in [RFC5280], section 4.2.1. The - corresponding clauses in X509 - (https://handle.itu.int/11.1002/1000/13031) (10/2016) are clause 7.2 - and clause 9, respectively. + corresponding clauses in [X.509] are clause 7.2 and clause 9, + respectively. Currently, the following extensions are relevant for SCION: 
@@ -1049,8 +1035,8 @@ Table of Contents corresponding to the private key used to sign a certificate. For the syntax and definition of the authorityKeyIdentifier - extension, see [RFC5280], section 4.2.1.1, and X509 - (https://handle.itu.int/11.1002/1000/13031), clause 9.2.2.1. + extension, see [RFC5280], section 4.2.1.1, and [X.509], clause + 9.2.2.1. The authorityKeyIdentifier extension provides three attributes to specify the public key: @@ -1082,8 +1068,7 @@ Table of Contents keys, for example during updates. For the syntax and definition of the subjectKeyIdentifier extension, - see [RFC5280], section 4.2.1.2, and X509 - (https://handle.itu.int/11.1002/1000/13031), clause 9.2.2.2. + see [RFC5280], section 4.2.1.2, and [X.509], clause 9.2.2.2. This extension MUST always be non-critical. However, SCION implementations MUST error out if the extension is not present. @@ -1092,8 +1077,8 @@ Table of Contents The keyUsage extension identifies the intended usage of the public key in the corresponding certificate. For the syntax and definition - of the keyUsage extension, see [RFC5280], section 4.2.1.3, and X509 - (https://handle.itu.int/11.1002/1000/13031), clause 9.2.2.3. + of the keyUsage extension, see [RFC5280], section 4.2.1.3, and + [X.509], clause 9.2.2.3. The attributes of the keyUsage extension define possible ways of using the public key. The attributes have the following meaning in @@ -1174,8 +1159,7 @@ Table of Contents The extKeyUsage extension specifies additional usages of the public key in the certificate. For the syntax and definition of the - extKeyUsage extension, see X509 - (https://handle.itu.int/11.1002/1000/13031), clause 9.2.2.4. + extKeyUsage extension, see [X.509], clause 9.2.2.4. SCION uses the following attributes of the Extended Key Usage extension, as defined in Section 4.2.1.12 of [RFC5280]: 
@@ -1280,8 +1264,7 @@ Table of Contents The basicConstraints extension specifies whether the certificate subject may act as a CA. For the syntax and definition of the - basicConstraints extension, see X509 - (https://handle.itu.int/11.1002/1000/13031), clause 9.4.2.1. + basicConstraints extension, see [X.509], clause 9.4.2.1. The basicConstraints extension includes the following attributes relevant for SCION: @@ -1353,8 +1336,7 @@ Table of Contents 3.1. TRC Specification - The TRC is a signed collection of X.509 - (https://handle.itu.int/11.1002/1000/13031) v3 certificates. + The TRC is a signed collection of [X.509] v3 certificates. Additionally, the TRC contains ISD-specific policies encoded in a Cryptographic Message Syntax (CMS) [RFC5652] envelope. @@ -1366,8 +1348,7 @@ Table of Contents certificates defined in the previous TRC. This section specifies the TRC including format definitions and - dpayload fields. The section uses the ITU-T X.680 - (https://handle.itu.int/11.1002/1000/14468) syntax. + dpayload fields. The section uses the ITU-T [X.680] syntax. 3.1.1. TRC Types and States @@ -1499,9 +1480,8 @@ Table of Contents ISD. For signature calculation, the data that is to be signed is encoded - using ASN.1 distinguished encoding rules (DER) X.690 - (https://handle.itu.int/11.1002/1000/14472). For more details, see - Section 3.1.3. + using ASN.1 distinguished encoding rules (DER) [X.690]. For more + details, see Section 3.1.3. 3.1.2.2. TRC Fields @@ -1607,7 +1587,7 @@ Table of Contents For more information, see Section 3.1.1. The validity field consists of a sequence of two dates, as defined in - section 7.2. of X.509 (https://handle.itu.int/11.1002/1000/13031). + section 7.2. of [X.509]. In addition to this standard definition, the following constraint applies to the validity field of the TRC: 
@@ -2396,8 +2376,7 @@ Table of Contents by: * Executing the regular X.509 verification procedure. For - details, see X.509 - (https://handle.itu.int/11.1002/1000/13031). + details, see [X.509]. * Checking that @@ -2565,9 +2544,8 @@ Table of Contents The SCION AS and ISD number are SCION-specific numbers. They are currently allocated by Anapaya Systems, a provider of SCION-based - networking software and solutions (see Anapaya ISD AS assignments - (https://docs.anapaya.net/en/latest/resources/isd-as-assignments/)). - This task is currently being transitioned from Anapaya to the SCION + networking software and solutions (see [ISD-AS-assignments]). This + task is currently being transitioned from Anapaya to the SCION Association. 7. References @@ -2622,6 +2600,26 @@ Table of Contents Networking", RFC 9217, DOI 10.17487/RFC9217, March 2022, . + [X.509] "ITU-T X.509 (10/2016) | Information technology – Open + Systems Interconnection – The Directory: Public-key and + attribute certificate frameworks", January 2016, + . + + [X.680] "ITU-T X.680 (02/2021) | Information technology - Abstract + Syntax Notation One (ASN.1): Specification of basic + notation", January 2021, + . + + [X.690] "ITU-T X.690 (02/2021) | Information technology - ASN.1 + encoding rules: Specification of Basic Encoding Rules + (BER), Canonical Encoding Rules (CER) and Distinguished + Encoding Rules (DER)", January 2021, + . + + [X9.62] "ANSI X9.62-1998 | Public Key Cryptography For The + Financial Services Industry: The Elliptic Curve Digital + Signature Algorithm", 1998. + 7.2. Informative References [BARRERA17] @@ -2643,6 +2641,11 @@ Table of Contents . + [ISD-AS-assignments] + "SCION ISD and AS Assignments", 2024, + . + [RFC5398] Huston, G., "Autonomous System (AS) Number Reservation for Documentation Use", RFC 5398, DOI 10.17487/RFC5398, December 2008, . 
@@ -3014,6 +3017,9 @@ draft-dekater-scion-pki-07 * General text editing + * References: fixed ITU, ANSI, Assigned ISD-AS, fixed cross- + reference to text formatting in the CP draft + draft-dekater-scion-pki-06 Major changes: diff --git a/index.html b/index.html index 31d6e29..8015404 100644 --- a/index.html +++ b/index.html @@ -53,7 +53,7 @@

    Preview for branch small-corrections

    SCION CP-PKI plain text - diff with main + same as main

    Preview for branch anapaya-review

    @@ -61,7 +61,7 @@

    Preview for branch anapaya-review

    SCION CP-PKI plain text - same as main + diff with main
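Review bot: In the draft-dekater-scion-pki.txt hunk at @@ -990,24 +988,13, the rewritten ISD-AS paragraph carries over the exponent notation "2^(32-1)" and "2^(48-1)", which reads as 2^31 and 2^47. The same sentence starts the hex range at 2^32 and ends it at ffff:ffff:ffff, so the bounds meant are 2^32-1 and 2^48-1; please write them that way now that both sentences are MUST requirements. The hunk also drops the local statements on the dash separator and decimal ISD formatting, and the "1-ff00:0:110" example, in favour of a MUST that points to [I-D.dekater-scion-controlplane], section "Text Representation". Please check that this reference is listed as normative and consider keeping the one-line example, since implementers compare this string when matching certificate subjects.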
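Review bot: In the draft-dekater-scion-pki.txt hunk at @@ -1024,9 +1011,8 (and the matching HTML hunk at @@ -2093,7 +2078,7), the sentence ending "are clause 7.2 and clause 9, respectively" pairs two [X.509] clauses with two [RFC5280] citations that are both "section 4.2.1", so "respectively" has nothing to distinguish. While this paragraph is being edited, please check the first [RFC5280] section number in the draft source, and change "a X.509 certificate" to "an X.509 certificate".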
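Review bot: In the draft-dekater-scion-pki.txt hunk at @@ -1366,8 +1348,7, the context line "TRC including format definitions and dpayload fields" sits directly above the changed [X.680] line and appears to contain a typo for "payload"; it is worth fixing in the same pass. Related, the hunk at @@ -1607,7 +1587,7 now reads "section 7.2. of [X.509]", with a stray period and "section", while every other converted citation in this patch uses the form "[X.509], clause 7.2". Please make it consistent.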
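Review bot: In the new reference entries added by the draft-dekater-scion-pki.txt hunk at @@ -2622,6 +2600,26, the rendered dates do not match the editions named in the titles: "ITU-T X.509 (10/2016)" is dated "January 2016", and "ITU-T X.680 (02/2021)" and "ITU-T X.690 (02/2021)" are both dated "January 2021". This looks like a year-only date defaulting to January in the reference source; please set the month explicitly (October 2016, February 2021) so the citation identifies the edition. The [X.509] title also uses an en dash where the [X.680] and [X.690] titles use a hyphen, which puts non-ASCII characters in the .txt output. Since this commit is generated from 180b7b5, the fix belongs in the draft source rather than in these files.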