This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] request for feedback: a RPKI Certificate Transparency project?
Tim Bruijnzeels
tim at nlnetlabs.nl
Fri Sep 10 15:05:24 CEST 2021
Hi Ben,

> On 10 Sep 2021, at 13:11, Ben Maddison <benm at workonline.africa> wrote:
>
> Hi Tim,
>
> On 09/10, Tim Bruijnzeels wrote:
>>
>>
>>> On 10 Sep 2021, at 11:57, Job Snijders <job at fastly.com> wrote:
>>>
>>> On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote:
>>>> I think all would agree that transparency is good.
>>>>
>>>> A key difference between RPKI and most other PKIs is that in the RPKI
>>>> all objects are published in the open for all to see.
>>>
>>> Small nitpick: all objects are SUPPOSED to be published, in the open,
>>> for all to see. However it is important to keep in mind we cannot assume
>>> all objects were published in a way for all to see.
>>>
>>>> As you mentioned your RPKI validator may miss intermediate state
>>>> changes if it retrieves objects using rsync, but the RRDP protocol
>>>> supports deltas, see [1].
>>>>
>>>> I believe that transparency can most easily be achieved by ensuring
>>>> that these deltas are preserved, and that they cannot be modified.
>>>
>>> RRDP is an unauthenticated and unsigned protocol. It is possible for a
>>> Publication Point to present different RRDP deltas to one RP compared to
>>> what they present to another RP. Archiving RRDP deltas is interesting,
>>> but IMHO happens too late in the pipeline for TA/CA audit purposes.
>>>
>>> RRDP is not a replacement for Certificate Transparency, both
>>> technologies solve different problems.
>>
>> I did not say that it was.
>>
>> I just suggested that *in the context of RPKI* RRDP can be used as a basis
>> to keep track of all historic public changes.
>>
> Archiving the RRDP deltas can certainly provide information as to what
> was observed at the publication points, but the security of the RPKI
> system lives at the object-signing layer, and so an audit log needs to
> capture activity at that layer: issuance actions by the CA.

As I said:

>> If you do not trust that the Publication Server (which serves RRDP)
>> accurately reflects what the RPKI CAs asked to be published then you
>> indeed have a different problem. CT logs could be one way to approach
>> this, but I am not convinced yet that this is the only way or the
>> best way.

To make myself more clear, and then I will leave it to others to speak.

I am not a priori opposed to CT as a solution. But this should start with a
problem statement which is discussed in the IETF. The context of the RPKI
standards matters and a lot of the contributors to those standards are not
active here. There may be more than one way to solve the issues (which are
still to be defined more clearly).

If the outcome then is that there is a problem and CT is the solution, then
I would be more than happy to support it.

As it stands I think that asking the RIPE NCC to make a big investment
without further analysis is questionable. It is also not sufficiently clear
to me how and why this problem is more urgent than other investments in
RPKI, e.g. providing a Publication Server service for members, and investing
in support for ASPA.

I hope it's clear to all that this is intended as constructive feedback to
Job's question:

> Does the community see value in applying Certificate Transparency to the
> RPKI? What are your thoughts?

Kind regards,

Tim

>
> Comparing a CT log to RRDP delta archive could certainly be useful in
> many cases, but that's exactly because they say things about different
> parts of the infrastructure.
>
> Cheers,
>
> Ben
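
Added example, not part of the original message or of any project named in the thread: a sketch of how archived RRDP notification files (RFC 8182) from two vantage points can be compared to detect a publication point serving different deltas to different RPs. The function names, the `rrdp.example.net` URIs, the session ID and the hashes are constructed for illustration; the check covers only what was served, not what the CA signed.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.ripe.net/rpki/rrdp}"  # RRDP XML namespace (RFC 8182)
ZERO = "00" * 32                        # constructed placeholder snapshot hash

def parse_notification(xml_text):
    """Return (session_id, {serial: delta_hash}) from a notification file."""
    root = ET.fromstring(xml_text)  # untrusted XML: consider defusedxml in production
    if root.tag != NS + "notification":
        raise ValueError("not an RRDP notification file")
    deltas = {int(d.get("serial")): d.get("hash").lower()
              for d in root.iter(NS + "delta")}
    return root.get("session_id"), deltas

def compare_views(view_a, view_b):
    """Compare notification files fetched from two vantage points."""
    sess_a, deltas_a = parse_notification(view_a)
    sess_b, deltas_b = parse_notification(view_b)
    if sess_a != sess_b:
        # May be a legitimate session reset between the two fetches; re-fetch first.
        return [("session_mismatch", sess_a, sess_b)]
    # Within one session a serial identifies exactly one delta file, so the
    # same serial advertised with two different hashes means the views diverged.
    return [("delta_mismatch", s, deltas_a[s], deltas_b[s])
            for s in sorted(deltas_a.keys() & deltas_b.keys())
            if deltas_a[s] != deltas_b[s]]

def _sample(delta_hashes):
    """Build a constructed notification file (not real repository data)."""
    rows = "".join(
        f'<delta serial="{s}" uri="https://rrdp.example.net/{s}/delta.xml" hash="{h}"/>'
        for s, h in delta_hashes.items())
    return ('<notification xmlns="http://www.ripe.net/rpki/rrdp" version="1" '
            'session_id="9df4b597-af9e-4dca-bdda-719cce2c4e28" serial="102">'
            '<snapshot uri="https://rrdp.example.net/102/snapshot.xml" '
            f'hash="{ZERO}"/>{rows}</notification>')

# Constructed views: both vantage points agree on serial 101, differ on 102.
VIEW_A = _sample({101: "aa" * 32, 102: "bb" * 32})
VIEW_B = _sample({101: "aa" * 32, 102: "cc" * 32})

if __name__ == "__main__":
    for finding in compare_views(VIEW_A, VIEW_B):
        print(finding)
```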