[routing-wg] Penetration Test Report for RPKI

On Tue, Dec 21, 2021 at 01:23:01PM -0800, Randy Bush wrote:
> > We hope you will find these reports useful
> 
> very much so.  thank you.

Yes, I'd like to echo what Randy says. Thanks for sharing this.

> btw, re RIPE-009 - Unencrypted Communication
> 
> in the up/down protocol, objects are cms wrapped and hence signed and
> objct authenticated; i.e. i would not panic about transport cia. 

Indeed. But I can imagine that in a world where virtually all
(originally HTTP-only yolo) APIs now have been migrated to HTTPS, any
API which ** by design ** is HTTP-only, would indeed stand out to
pentest researchers.

I think it is good the testers noticed this aspect, and also good that
RIPE NCC noted in the response "Up-down remains on HTTP and uses a CMS
wrapper for authentication."

The up/down protocol is somewhat similar in terms of security
considerations to how one can transport signed RPKI data from
Publication Point (repositories) to Relaying Party (validator
instances). In that context too, the use of unencrypted transport (like
RSYNC, or PIGEON) is deemed acceptable because the threat model is based
on a robust interpretation of object-security** to such an extend that
transport-security is inconsequential.

>  otoh, i suspect there could be a path to move your delegated CAs to
>  TLS; which might be conservative in the long run.

Would you mind elaborating on what you mean with the phrase "might be
conservative in the long run?".

Kind regards,

Job

** One crucial corner stone to the concept of 'RPKI object security' is
   a thing called "RPKI Manifests". Manifests are an elegant and very
   powerful idea in the X.509 universe: the ability to securely group 
   objects together. All modern validators use manifests: make sure your
   validator is updated to the latest version! Read more about what
   Manifests are here:
   https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-6486bis-09
   This doc is now going through IETF last-call.