Internet Engineering Task Force (IETF)                         S. Weiler
Request for Comments: 8181                                     W3C / MIT
Category: Standards Track                                    A. Sonalker
ISSN: 2070-1721                                               STEER Tech
                                                              R. Austein
                                                    Dragon Research Labs
                                                               July 2017
        
Internet Engineering Task Force (IETF)                         S. Weiler
Request for Comments: 8181                                     W3C / MIT
Category: Standards Track                                    A. Sonalker
ISSN: 2070-1721                                               STEER Tech
                                                              R. Austein
                                                    Dragon Research Labs
                                                               July 2017
        

A Publication Protocol for the Resource Public Key Infrastructure (RPKI)

资源公钥基础结构(RPKI)的发布协议

Abstract

摘要

This document defines a protocol for publishing Resource Public Key Infrastructure (RPKI) objects. Even though the RPKI will have many participants issuing certificates and creating other objects, it is operationally useful to consolidate the publication of those objects. Even in cases where a certificate issuer runs its own publication repository, it can be useful to run the certificate engine itself on a different machine from the publication repository. This document defines a protocol which addresses these needs.

本文档定义了用于发布资源公钥基础结构(RPKI)对象的协议。尽管RPKI将有许多参与者颁发证书并创建其他对象,但整合这些对象的发布在操作上是有用的。即使在证书颁发者运行自己的发布存储库的情况下,在发布存储库之外的其他计算机上运行证书引擎本身也会很有用。本文件定义了满足这些需求的协议。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc8181.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc8181.

Copyright Notice

版权公告

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2017 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Historical Note . . . . . . . . . . . . . . . . . . . . .   4
     1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   5
   2.  Protocol Specification  . . . . . . . . . . . . . . . . . . .   5
     2.1.  Common XML Message Format . . . . . . . . . . . . . . . .   6
     2.2.  Publication and Withdrawal  . . . . . . . . . . . . . . .   7
     2.3.  Listing the Repository  . . . . . . . . . . . . . . . . .   8
     2.4.  Error Handling  . . . . . . . . . . . . . . . . . . . . .   8
     2.5.  Error Codes . . . . . . . . . . . . . . . . . . . . . . .   9
     2.6.  XML Schema  . . . . . . . . . . . . . . . . . . . . . . .  10
   3.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .  12
     3.1.  <publish/> Query, No Existing Object  . . . . . . . . . .  12
     3.2.  <publish/> Query, Overwriting Existing Object . . . . . .  12
     3.3.  <withdraw/> Query . . . . . . . . . . . . . . . . . . . .  13
     3.4.  <success/> Reply  . . . . . . . . . . . . . . . . . . . .  13
     3.5.  <report_error/> with Optional Elements  . . . . . . . . .  13
     3.6.  <report_error/> without Optional Elements . . . . . . . .  14
     3.7.  Error Handling with Multi-Element Queries . . . . . . . .  14
       3.7.1.  Multi-Element Query . . . . . . . . . . . . . . . . .  14
       3.7.2.  Successful Multi-Element Response . . . . . . . . . .  15
       3.7.3.  Failure Multi-Element Response, First Error Only  . .  15
       3.7.4.  Failure Multi-Element Response, All Errors  . . . . .  16
     3.8.  <list/> Query . . . . . . . . . . . . . . . . . . . . . .  16
     3.9.  <list/> Reply . . . . . . . . . . . . . . . . . . . . . .  17
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  17
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  18
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  19
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .  19
     6.2.  Informative References  . . . . . . . . . . . . . . . . .  20
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  21
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Historical Note . . . . . . . . . . . . . . . . . . . . .   4
     1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   5
   2.  Protocol Specification  . . . . . . . . . . . . . . . . . . .   5
     2.1.  Common XML Message Format . . . . . . . . . . . . . . . .   6
     2.2.  Publication and Withdrawal  . . . . . . . . . . . . . . .   7
     2.3.  Listing the Repository  . . . . . . . . . . . . . . . . .   8
     2.4.  Error Handling  . . . . . . . . . . . . . . . . . . . . .   8
     2.5.  Error Codes . . . . . . . . . . . . . . . . . . . . . . .   9
     2.6.  XML Schema  . . . . . . . . . . . . . . . . . . . . . . .  10
   3.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .  12
     3.1.  <publish/> Query, No Existing Object  . . . . . . . . . .  12
     3.2.  <publish/> Query, Overwriting Existing Object . . . . . .  12
     3.3.  <withdraw/> Query . . . . . . . . . . . . . . . . . . . .  13
     3.4.  <success/> Reply  . . . . . . . . . . . . . . . . . . . .  13
     3.5.  <report_error/> with Optional Elements  . . . . . . . . .  13
     3.6.  <report_error/> without Optional Elements . . . . . . . .  14
     3.7.  Error Handling with Multi-Element Queries . . . . . . . .  14
       3.7.1.  Multi-Element Query . . . . . . . . . . . . . . . . .  14
       3.7.2.  Successful Multi-Element Response . . . . . . . . . .  15
       3.7.3.  Failure Multi-Element Response, First Error Only  . .  15
       3.7.4.  Failure Multi-Element Response, All Errors  . . . . .  16
     3.8.  <list/> Query . . . . . . . . . . . . . . . . . . . . . .  16
     3.9.  <list/> Reply . . . . . . . . . . . . . . . . . . . . . .  17
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  17
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  18
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  19
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .  19
     6.2.  Informative References  . . . . . . . . . . . . . . . . .  20
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  21
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21
        
1. Introduction
1. 介绍

This document assumes a working knowledge of the Resource Public Key Infrastructure (RPKI), which is intended to support improved routing security on the Internet. See [RFC6480] for an overview of the RPKI.

本文档假定对资源公钥基础设施(RPKI)有一定的了解,该基础设施旨在支持改进的Internet路由安全性。有关RPKI的概述,请参见[RFC6480]。

In order to make participation in the RPKI easier, it is helpful to have a few consolidated repositories for RPKI objects, thus saving every participant from the cost of maintaining a new service. Similarly, relying parties using the RPKI objects will find it faster and more reliable to retrieve the necessary set from a smaller number of repositories.

为了使参与RPKI变得更容易,有几个RPKI对象的整合存储库是很有帮助的,这样可以节省每个参与者维护新服务的成本。类似地,使用RPKI对象的依赖方将发现从数量较少的存储库中检索必要的集合更快、更可靠。

These consolidated RPKI object repositories will in many cases be outside the administrative scope of the organization issuing a given RPKI object. In some cases, outsourcing operation of the repository will be an explicit goal: some resource holders who strongly wish to control their own RPKI private keys may lack the resources to operate a 24x7 repository or may simply not wish to do so.

在许多情况下,这些整合的RPKI对象存储库将超出发布给定RPKI对象的组织的管理范围。在某些情况下,外包存储库的操作将是一个明确的目标:一些强烈希望控制自己的RPKI私钥的资源所有者可能缺乏全天候运行存储库的资源,或者根本不希望这样做。

The operator of an RPKI publication repository may well be an Internet registry which issues certificates to its customers, but it need not be; conceptually, operation of an RPKI publication repository is separate from operation of an RPKI Certification Authority (CA).

RPKI发布存储库的运营商很可能是向其客户颁发证书的互联网注册中心,但不一定是;从概念上讲,RPKI发布存储库的操作与RPKI证书颁发机构(CA)的操作是分开的。

Even in cases where a resource holder operates both a certificate engine and a publication repository, it can be useful to separate the two functions, as they have somewhat different operational and security requirements.

即使在资源持有者同时操作证书引擎和发布存储库的情况下,分离这两个功能也会很有用,因为它们的操作和安全要求有所不同。

This document defines an RPKI publication protocol which allows publication either within or across organizational boundaries and which makes fairly minimal demands on both the CA engine and the publication service.

本文档定义了一个RPKI发布协议,该协议允许在组织边界内或跨组织边界进行发布,并且对CA引擎和发布服务的要求非常低。

The authentication and message integrity architecture of the publication protocol is essentially identical to the architecture used in [RFC6492] because the participants in this protocol are the same CA engines as in RFC 6492; this allows reuse of the same "Business PKI" (BPKI) (see Section 1.2) infrastructure used to support RFC 6492. As in RFC 6492, authorization is a matter of external configuration: we assume that any given publication repository has some kind of policy controlling which certificate engines are allowed to publish, modify, or withdraw particular RPKI objects, most likely following the recommendation in [RFC6480],

发布协议的认证和消息完整性架构基本上与[RFC6492]中使用的架构相同,因为该协议的参与者与RFC 6492中的CA引擎相同;这允许重用用于支持RFC 6492的相同“业务PKI”(BPKI)(参见第1.2节)基础设施。与RFC 6492一样,授权是一个外部配置问题:我们假设任何给定的发布存储库都有某种策略,控制允许哪些证书引擎发布、修改或撤销特定的RPKI对象,最有可能遵循[RFC6480]中的建议,

Section 4.4; the details of this policy are a private matter between the operator of a certificate engine and the operator of the chosen publication repository.

第4.4节;此策略的详细信息是证书引擎的操作员和所选发布存储库的操作员之间的私事。

The following diagram attempts to convey where this publication protocol fits into the overall data flow between the certificate issuers and relying parties:

下图试图说明此发布协议适用于证书颁发者和依赖方之间的总体数据流的位置:

          +------+    +------+    +------+
          |  CA  |    |  CA  |    |  CA  |
          +------+    +------+    +------+
              |           |           |    Publication protocol
              |           |           |    business relationship
              +-------+   |  +--------+      perhaps set up by
                      |   |  |                    RFC 8183
                 +----v---v--v-----+
                 |                 |
                 |   Publication   |
                 |   Repository    |
                 |                 |
                 +-----------------+     Distribution protocols
                          |                   rsync or RRDP
           +--------------+----------------+
           |              |                |
   +-------v-----+ +------v------+  +------v------+
   |   Relying   | |   Relying   |  |   Relying   |
   |    Party    | |    Party    |  |    Party    |
   +-------------+ +-------------+  +-------------+
        
          +------+    +------+    +------+
          |  CA  |    |  CA  |    |  CA  |
          +------+    +------+    +------+
              |           |           |    Publication protocol
              |           |           |    business relationship
              +-------+   |  +--------+      perhaps set up by
                      |   |  |                    RFC 8183
                 +----v---v--v-----+
                 |                 |
                 |   Publication   |
                 |   Repository    |
                 |                 |
                 +-----------------+     Distribution protocols
                          |                   rsync or RRDP
           +--------------+----------------+
           |              |                |
   +-------v-----+ +------v------+  +------v------+
   |   Relying   | |   Relying   |  |   Relying   |
   |    Party    | |    Party    |  |    Party    |
   +-------------+ +-------------+  +-------------+
        

The publication protocol itself is not visible to relying parties: a relying party sees the public interface of the publication server, which is an rsync or RPKI Repository Delta Protocol (RRDP) [RFC8182] server.

发布协议本身对依赖方不可见:依赖方可以看到发布服务器的公共接口,该服务器是rsync或RPKI存储库增量协议(RRDP)[RFC8182]服务器。

Operators of certificate engines and publication repositories may find [RFC8183] a useful tool in setting up the pairwise relationships between these servers, but they are not required to use it.

证书引擎和发布存储库的操作员可能会发现[RFC8183]是在这些服务器之间建立成对关系的有用工具,但他们不需要使用它。

1.1. Historical Note
1.1. 历史笔记

This protocol started out as an informal collaboration between several of the early RPKI implementers, and while it was always the designers' intention that the resulting protocol end up on the IETF Standards Track, it took a few years to get there because standardization of other pieces of the overall RPKI protocol space was more urgent. The Standards Track version of this publication

该协议一开始是几个早期RPKI实现者之间的非正式合作,虽然设计者一直希望最终的协议能够进入IETF标准轨道,但由于整个RPKI协议空间的其他部分的标准化更为迫切,因此需要几年时间才能实现。标准跟踪本出版物的版本

protocol preserves the original XML namespace and protocol version scheme in order to maintain backwards compatibility with running code implemented against older versions of the specification.

协议保留了原始的XML名称空间和协议版本方案,以便与针对旧版本规范实现的运行代码保持向后兼容性。

1.2. Terminology
1.2. 术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。

"Publication engine" and "publication server" are used interchangeably to refer to the server providing the service described in this document.

“发布引擎”和“发布服务器”可以互换使用,以表示提供本文档中所述服务的服务器。

"Business Public Key Infrastructure" ("Business PKI" or "BPKI") refers to a PKI, separate from the RPKI, used to authenticate clients to the publication engine. We use the term "Business PKI" here because an Internet registry might already have a PKI for authenticating its clients and might wish to reuse that PKI for this protocol. There is, however, no requirement to reuse such a PKI.

“业务公钥基础设施”(“业务PKI”或“BPKI”)是指独立于RPKI的PKI,用于向发布引擎验证客户端。我们在这里使用术语“商业PKI”,因为Internet注册中心可能已经有了用于验证其客户端的PKI,并且可能希望将该PKI重新用于此协议。然而,没有要求重用这种PKI。

2. Protocol Specification
2. 协议规范

The publication protocol uses XML [XML] messages wrapped in signed Cryptographic Message Syntax (CMS) messages, carried over HTTP transport [RFC7230]. The CMS encapsulation is identical to that used in Section 3.1 (and subsections) of RFC 6492 [RFC6492].

发布协议使用XML[XML]消息包装在经过HTTP传输[RFC7230]的签名加密消息语法(CMS)消息中。CMS封装与RFC 6492[RFC6492]第3.1节(及小节)中使用的封装相同。

The publication protocol uses a simple request/response interaction. The client passes a request to the server, and the server generates a corresponding response.

发布协议使用简单的请求/响应交互。客户端将请求传递给服务器,服务器生成相应的响应。

A message exchange commences with the client initiating an HTTP POST with a content type of "application/rpki-publication", with the message object as the body. The server's response will similarly be the body of the response with a content type of "application/ rpki-publication".

消息交换从客户机启动内容类型为“application/rpki publication”的HTTP POST开始,消息对象作为主体。服务器的响应同样是响应的主体,其内容类型为“application/rpki publication”。

The content of the POST and the server's response will be a well-formed CMS [RFC5652] object with OID = 1.2.840.113549.1.7.2 as described in Section 3.1 of [RFC6492].

帖子内容和服务器响应将是格式良好的CMS[RFC5652]对象,OID=1.2.840.113549.1.7.2,如[RFC6492]第3.1节所述。

The CMS signatures are used to protect the integrity of the protocol messages and to authenticate the client and server to each other. Authorization to perform particular operations is a local matter,

CMS签名用于保护协议消息的完整性,并相互验证客户端和服务器。执行特定操作的授权是本地事务,

perhaps determined by contractual agreements between the operators of any particular client-server pair, but in any case is beyond the scope of this specification.

可能由任何特定客户机-服务器对的运营商之间的合同协议确定,但在任何情况下都超出了本规范的范围。

2.1. Common XML Message Format
2.1. 通用XML消息格式

The XML schema for this protocol is below in Section 2.6. The basic XML message format looks like this:

本协议的XML模式见第2.6节。基本的XML消息格式如下所示:

   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- Zero or more PDUs -->
   </msg>
        
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- Zero or more PDUs -->
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- Zero or more PDUs -->
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- Zero or more PDUs -->
   </msg>
        

As noted above, the outermost XML element is encapsulated in a signed CMS message. Query messages are signed by the client, and reply messages are signed by the server.

如上所述,最外层的XML元素封装在签名的CMS消息中。查询消息由客户端签名,回复消息由服务器签名。

Common attributes:

共同属性:

version: The value of this attribute is the version of this protocol. This document describes version 4.

版本:此属性的值是此协议的版本。本文档介绍了版本4。

type: The possible values of this attribute are "reply" and "query".

类型:此属性的可能值为“回复”和“查询”。

A query PDU may be one of three types: <publish/>, <withdraw/>, or <list/>.

查询PDU可以是以下三种类型之一:<publish/>、<draw/>或<list/>。

A reply PDU may be one of three types: <success/>, <list/>, or <report_error/>.

回复PDU可以是以下三种类型之一:<success/>、<list/>或<report\u error/>。

The <publish/> and <withdraw/> PDUs include a "tag" attribute to facilitate bulk operation. When performing bulk operations, a CA engine will probably find it useful to specify a distinct tag value for each <publish/> or <withdraw/> PDU, to simplify matching an error with the PDU which triggered it. The tag attribute is mandatory, to simplify parsing, but a CA engine which has no particular use for tagging MAY use any syntactically legal value, including simply using the empty string for all tag fields.

<publish/>和<draw/>PDU包含一个“tag”属性,以方便批量操作。在执行批量操作时,CA引擎可能会发现为每个<publish/>或<draw/>PDU指定一个不同的标记值非常有用,以简化与触发错误的PDU的匹配。为了简化解析,tag属性是必需的,但是对于标记没有特殊用途的CA引擎可以使用任何语法上合法的值,包括对所有标记字段使用空字符串。

This document describes version 4 of this protocol. An implementation which understands only this version of the protocol MUST reject messages with a different protocol version attribute, signaling the error as described in Section 2.4. Since "4" is currently the only value allowed for the version attribute in the schema (Section 2.6), an incorrect protocol version can be detected either by checking the version attribute directly or as a schema validation error. Any future update to this protocol which is either syntactically or semantically incompatible with the current version will need to increment the protocol version number.

本文件描述了本协议的第4版。仅理解此版本协议的实现必须拒绝具有不同协议版本属性的消息,如第2.4节所述发出错误信号。由于“4”是架构(第2.6节)中版本属性当前允许的唯一值,因此可以通过直接检查版本属性或作为架构验证错误来检测不正确的协议版本。该协议的任何未来更新,如果在语法或语义上与当前版本不兼容,则需要增加协议版本号。

2.2. Publication and Withdrawal
2.2. 公布和撤回

The publication protocol uses a common message format to request publication of any RPKI object. This format was chosen specifically to allow this protocol to accommodate new types of RPKI objects without needing changes to this protocol.

发布协议使用公共消息格式来请求发布任何RPKI对象。选择此格式是为了允许此协议适应新类型的RPKI对象,而无需更改此协议。

Both the <publish/> and <withdraw/> PDUs have a payload of a tag and an rsync URI [RFC3986] [RFC5781]. The <publish/> query also contains the DER object to be published, encoded in Base64 ([RFC4648], Section 4, with line breaks within the Base64 text permitted but not required).

<publish/>和<draw/>PDU都有标记和rsync URI[RFC3986][RFC5781]的有效负载。<publish/>查询还包含要发布的DER对象,以Base64([RFC4648],第4节)编码,允许但不需要在Base64文本中使用换行符。

Both the <publish/> and <withdraw/> PDUs also have a "hash" attribute, which carries a hash of an existing object at the specified repository URI, encoded as a hexadecimal string. For <withdraw/> PDUs, the hash MUST be present, as this operation makes no sense if there is no existing object to withdraw. For <publish/> PDUs, the hash MUST be present if the publication operation is overwriting an existing object, and it MUST NOT be present if this publication operation is writing to a new URI where no prior object exists. Presence of an object when no "hash" attribute has been specified is an error, as is absence of an object or an incorrect hash value when a "hash" attribute has been specified. Any such errors MUST be reported using the <report_error/> PDU.

<publish/>和<draw/>PDU都有一个“hash”属性,它在指定的存储库URI中携带现有对象的哈希,编码为十六进制字符串。对于<draw/>pdu,哈希必须存在,因为如果没有要提取的现有对象,则此操作没有意义。对于<publish/>pdu,如果发布操作正在覆盖现有对象,则哈希必须存在;如果此发布操作正在写入不存在先前对象的新URI,则哈希不得存在。没有指定“哈希”属性时存在对象是错误的,指定“哈希”属性时没有对象或哈希值不正确也是错误的。必须使用<report\u error/>PDU报告任何此类错误。

The hash algorithm is SHA-256 [SHS], to simplify comparison of publication protocol hashes with RPKI manifest hashes.

散列算法是SHA-256[SHS],用于简化发布协议散列与RPKI清单散列的比较。

The intent behind the "hash" attribute is to allow the client and server to detect any disagreements about the effect that a <publish/> or <withdraw/> PDU will have on the repository.

“hash”属性背后的意图是允许客户端和服务器检测关于<publish/>或<draw/>PDU对存储库的影响的任何分歧。

Note that every publish and withdraw action requires a new manifest, thus every publish or withdraw action will involve at least two objects.

请注意,每个发布和收回操作都需要一个新的清单,因此每个发布或收回操作将至少涉及两个对象。

Processing of a query message is handled atomically: either the entire query succeeds or none of it does. When a query message contains multiple PDUs, failure of any PDU may require the server to roll back actions triggered by earlier PDUs.

查询消息的处理是原子化的:要么整个查询成功,要么没有成功。当查询消息包含多个PDU时,任何PDU的故障都可能要求服务器回滚由早期PDU触发的操作。

When a query message containing <publish/> or <withdraw/> PDUs succeeds, the server returns a single <success/> reply.

当包含<publish/>或<draw/>PDU的查询消息成功时,服务器返回一个<success/>回复。

When a query fails, the server returns one or more <report_error/> reply PDUs. Typically, a server will only generate one <report_error/> corresponding to the first query PDU that failed, but servers MAY return multiple <report_error/> PDUs at the implementer's discretion.

当查询失败时,服务器返回一个或多个<report\u error/>回复PDU。通常,服务器只会生成一个与第一个失败的查询PDU相对应的<report\u error/>,但是服务器可以根据实现者的判断返回多个<report\u error/>PDU。

2.3. Listing the Repository
2.3. 列出存储库

The <list/> operation allows the client to ask the server for a complete listing of objects which the server believes the client has published. This is intended primarily to allow the client to recover upon detecting (probably via use of the "hash" attribute; see Section 2.2) that they have somehow lost synchronization.

<list/>操作允许客户端请求服务器提供服务器认为客户端已发布的对象的完整列表。这主要是为了让客户端在检测到(可能通过使用“hash”属性;请参见第2.2节)它们以某种方式丢失了同步时进行恢复。

The <list/> query consists of a single PDU. A <list/> query MUST be the only PDU in a query -- it may not be combined with any <publish/> or <withdraw/> queries.

<list/>查询由单个PDU组成。<list/>查询必须是查询中唯一的PDU——它不能与任何<publish/>或<draw/>查询组合。

The <list/> reply consists of zero or more PDUs, one per object published in this repository by this client, each PDU conveying the URI and hash of one published object.

<list/>回复由零个或多个PDU组成,此客户端在此存储库中发布的每个对象一个PDU,每个PDU传递一个已发布对象的URI和哈希。

2.4. Error Handling
2.4. 错误处理

Errors are handled at two levels.

错误在两个级别处理。

Errors that make it impossible to decode a query or encode a response are handled at the HTTP layer. 4xx and 5xx HTTP response codes indicate that something bad happened.

无法对查询进行解码或对响应进行编码的错误在HTTP层进行处理。4xx和5xx HTTP响应代码表示发生了错误。

In all other cases, errors result in an XML <report_error/> PDU. Like the rest of this protocol, <report_error/> PDUs are CMS-signed XML messages and thus can be archived to provide an audit trail.

在所有其他情况下,错误会导致XML<report\u error/>PDU。与此协议的其余部分一样,<report\u error/>PDU是CMS签名的XML消息,因此可以存档以提供审计跟踪。

<report_error/> PDUs only appear in replies, never in queries.

<report\u error/>PDU只出现在回复中,从不出现在查询中。

   The "tag" attribute of the <report_error/> PDU associated with a
   <publish/> or <withdraw/> PDU MUST be set to the same value as the
   "tag" attribute in the PDU which generated the error.  A client can
        
   The "tag" attribute of the <report_error/> PDU associated with a
   <publish/> or <withdraw/> PDU MUST be set to the same value as the
   "tag" attribute in the PDU which generated the error.  A client can
        

use the "tag" attribute to determine which PDU caused processing of an update to fail.

使用“tag”属性确定哪个PDU导致更新处理失败。

The error itself is conveyed in the "error_code" attribute. The value of this attribute is a token indicating the specific error that occurred.

错误本身在“错误代码”属性中传递。此属性的值是指示发生的特定错误的标记。

The body of the <report_error/> element contains two sub-elements:

<report\u error/>元素的主体包含两个子元素:

1. An optional text element <error_text/>, which, if present, contains a text string with debugging information intended for human consumption.

1. 可选的文本元素<error\u text/>,如果存在,则包含一个文本字符串,其中包含供人使用的调试信息。

2. An optional element <failed_pdu/>, which, if present, contains a verbatim copy of the query PDU whose failure triggered the <report_error/> PDU. The quoted element must be syntactically valid.

2. 可选元素<failed\u pdu/>,如果存在,则包含查询pdu的逐字副本,该查询pdu的失败触发了<report\u error/>pdu。引用的元素必须在语法上有效。

See Section 3.7 for examples of a multi-element query and responses.

有关多元素查询和响应的示例,请参见第3.7节。

2.5. Error Codes
2.5. 错误代码

These are the defined error codes as well as some discussion of each. Text similar to these descriptions may be sent in an <error_text/> element to help explain the error encountered.

这些是定义的错误代码,以及对每个错误代码的一些讨论。类似于这些描述的文本可以在<error\u Text/>元素中发送,以帮助解释遇到的错误。

xml_error: Encountered an XML problem. Note that some XML errors may be severe enough to require error reporting at the HTTP layer, instead. Implementations MAY choose to report any or all XML errors at the HTTP layer.

xml_错误:遇到xml问题。请注意,某些XML错误可能严重到需要在HTTP层报告错误。实现可以选择在HTTP层报告任何或所有XML错误。

permission_failure: Client does not have permission to update this URI.

权限\ U失败:客户端没有更新此URI的权限。

bad_cms_signature: Bad CMS signature.

错误的cms\U签名:错误的cms签名。

object_already_present: An object is already present at this URI, yet a "hash" attribute was not specified. A "hash" attribute must be specified when overwriting or deleting an object. Perhaps client and server are out of sync?

对象已存在:此URI中已存在对象,但未指定“哈希”属性。重写或删除对象时必须指定“哈希”属性。也许客户端和服务器不同步?

no_object_present: There is no object present at this URI, yet a "hash" attribute was specified. Perhaps client and server are out of sync?

不存在对象:此URI中不存在对象,但指定了“哈希”属性。也许客户端和服务器不同步?

no_object_matching_hash: The "hash" attribute supplied does not match the "hash" attribute of the object at this URI. Perhaps client and server are out of sync?

无\u对象\u匹配\u哈希:提供的“哈希”属性与此URI处对象的“哈希”属性不匹配。也许客户端和服务器不同步?

consistency_problem: Server detected an update that looks like it will cause a consistency problem (e.g., an object was deleted, but the manifest was not updated). Note that a server is not required to make such checks. Indeed, it may be unwise for a server to do so. This error code just provides a way for the server to explain its (in-)action.

一致性问题:服务器检测到一个更新,该更新看起来会导致一致性问题(例如,一个对象已被删除,但清单未更新)。请注意,不需要服务器进行此类检查。事实上,服务器这样做可能是不明智的。此错误代码只是为服务器提供了一种解释其(正在)操作的方法。

other_error: A meteor fell on the server.

其他错误:一颗流星落在服务器上。

2.6. XML Schema
2.6. XML模式

The following is a [RELAX-NG] compact form schema describing the publication protocol.

以下是描述发布协议的[RELAX-NG]紧凑形式模式。

This schema is normative: in the event of a disagreement between this schema and the document text above, this schema is authoritative.

此模式是规范性的:如果此模式与上述文档文本之间存在分歧,则此模式具有权威性。

# RELAX NG schema for RPKI publication protocol.

#RPKI发布协议的RELAXNG架构。

   default namespace =
       "http://www.hactrn.net/uris/rpki/publication-spec/"
        
   default namespace =
       "http://www.hactrn.net/uris/rpki/publication-spec/"
        

# This is version 4 of the protocol.

#这是协议的第4版。

   version = "4"
        
   version = "4"
        

# Top-level PDU is either a query or a reply.

#顶级PDU是查询或答复。

   start |= element msg {
     attribute version { version },
     attribute type    { "query" },
     query_elt
   }
        
   start |= element msg {
     attribute version { version },
     attribute type    { "query" },
     query_elt
   }
        
   start |= element msg {
     attribute version { version },
     attribute type    { "reply" },
     reply_elt
   }
        
   start |= element msg {
     attribute version { version },
     attribute type    { "reply" },
     reply_elt
   }
        

# Tag attributes for bulk operations.

#批量操作的标记属性。

   tag = attribute tag { xsd:token { maxLength="1024" } }
        
   tag = attribute tag { xsd:token { maxLength="1024" } }
        

# Base64-encoded DER stuff.

#基本的东西。

base64 = xsd:base64Binary

base64=xsd:base64Binary

# Publication URIs.

#出版物URI。

   uri = attribute uri { xsd:anyURI { maxLength="4096" } }
        
   uri = attribute uri { xsd:anyURI { maxLength="4096" } }
        

# Digest of an existing object (hexadecimal).

#现有对象的摘要(十六进制)。

   hash = attribute hash { xsd:string { pattern = "[0-9a-fA-F]+" } }
        
   hash = attribute hash { xsd:string { pattern = "[0-9a-fA-F]+" } }
        

# Error codes.

#错误代码。

error |= "xml_error" error |= "permission_failure" error |= "bad_cms_signature" error |= "object_already_present" error |= "no_object_present" error |= "no_object_matching_hash" error |= "consistency_problem" error |= "other_error"

错误|=“xml错误”错误|=“权限失败”错误|=“坏的cms签名”错误|=“对象已存在”错误|=“无对象存在”错误|=“无对象匹配散列”错误|=“一致性问题”错误|=“其他错误”

   # <publish/> and <withdraw/> query elements
        
   # <publish/> and <withdraw/> query elements
        
   query_elt |= (
     element publish  { tag, uri, hash?, base64 } |
     element withdraw { tag, uri, hash          }
   )*
        
   query_elt |= (
     element publish  { tag, uri, hash?, base64 } |
     element withdraw { tag, uri, hash          }
   )*
        
   # <success/> reply
        
   # <success/> reply
        
   reply_elt |= element success { empty }
        
   reply_elt |= element success { empty }
        
   # <list/> query and reply
        
   # <list/> query and reply
        
   query_elt |= element list { empty }
   reply_elt |= element list { uri, hash }*
        
   query_elt |= element list { empty }
   reply_elt |= element list { uri, hash }*
        
   # <report_error/> reply
        
   # <report_error/> reply
        
   reply_elt |= element report_error {
     tag?,
     attribute error_code { error },
     element   error_text { xsd:string { maxLength="512000" }}?,
     element   failed_pdu { query_elt }?
   }*
        
   reply_elt |= element report_error {
     tag?,
     attribute error_code { error },
     element   error_text { xsd:string { maxLength="512000" }}?,
     element   failed_pdu { query_elt }?
   }*
        
3. Examples
3. 例子

Following are examples of various queries and the corresponding replies for the RPKI publication protocol.

以下是RPKI发布协议的各种查询和相应回复的示例。

Note that the authors have taken liberties with the Base64, hash, and URI text in these examples in the interest of making the examples fit nicely into RFC text format. Similarly, these examples do not show the CMS signature wrapper around the XML, just the XML payload.

注意,作者在这些示例中对Base64、hash和URI文本进行了自由处理,以使示例很好地适合RFC文本格式。类似地,这些示例没有显示XML周围的CMS签名包装器,只是XML负载。

3.1. <publish/> Query, No Existing Object
3.1. <publish/>查询,没有现有对象
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- body is base64(new-object) -->
     <publish
         tag=""
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
   </msg>
        
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- body is base64(new-object) -->
     <publish
         tag=""
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
   </msg>
        
3.2. <publish/> Query, Overwriting Existing Object
3.2. <publish/>查询,覆盖现有对象
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- hash is hex(SHA-256(old-object)) -->
     <!-- body is base64(new-object) -->
     <publish
         hash="01a97a70ac477f06"
         tag="foo"
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
   </msg>
        
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- hash is hex(SHA-256(old-object)) -->
     <!-- body is base64(new-object) -->
     <publish
         hash="01a97a70ac477f06"
         tag="foo"
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
   </msg>
        
3.3. <withdraw/> Query
3.3. <draw/>查询
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- hash is hex(SHA-256(old-object)) -->
     <withdraw
         hash="01a97a70ac477f06"
         tag="foo"
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer"/>
   </msg>
        
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <!-- hash is hex(SHA-256(old-object)) -->
     <withdraw
         hash="01a97a70ac477f06"
         tag="foo"
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer"/>
   </msg>
        
3.4. <success/> Reply
3.4. <success/>回复
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <success/>
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <success/>
   </msg>
        
3.5. <report_error/> with Optional Elements
3.5. 带有可选元素的<report\u error/>
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="no_object_matching_hash"
         tag="foo">
       <error_text>
         Can't delete an object I don't have
       </error_text>
       <failed_pdu>
         <publish
             hash="01a97a70ac477f06"
             tag="foo"
             uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
       </failed_pdu>
     </report_error>
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="no_object_matching_hash"
         tag="foo">
       <error_text>
         Can't delete an object I don't have
       </error_text>
       <failed_pdu>
         <publish
             hash="01a97a70ac477f06"
             tag="foo"
             uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
       </failed_pdu>
     </report_error>
   </msg>
        
3.6. <report_error/> without Optional Elements
3.6. <report\u error/>不带可选元素
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="object_already_present"
         tag="foo"/>
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="object_already_present"
         tag="foo"/>
   </msg>
        
3.7. Error Handling with Multi-Element Queries
3.7. 多元素查询的错误处理
3.7.1. Multi-Element Query
3.7.1. 多元查询
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <publish
         tag="Alice"
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
     <withdraw
         hash="f46a4198efa3070e"
         tag="Bob"
         uri="rsync://wombat.example/Bob/f46a4198efa3070e.cer"/>
     <publish
         tag="Carol"
         uri="rsync://wombat.example/Carol/32e0544eeb510ec0.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQ2Fyb2w=
       </publish>
     <withdraw
         hash="421ee4ac65732d72"
         tag="Dave"
         uri="rsync://wombat.example/Dave/421ee4ac65732d72.cer"/>
     <publish
         tag="Eve"
         uri="rsync://wombat.example/Eve/9dd859b01e5c2ebd.cer">
         SGVsbG8sIG15IG5hbWUgaXMgRXZl
       </publish>
   </msg>
        
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <publish
         tag="Alice"
         uri="rsync://wombat.example/Alice/01a97a70ac477f06.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQWxpY2U=
       </publish>
     <withdraw
         hash="f46a4198efa3070e"
         tag="Bob"
         uri="rsync://wombat.example/Bob/f46a4198efa3070e.cer"/>
     <publish
         tag="Carol"
         uri="rsync://wombat.example/Carol/32e0544eeb510ec0.cer">
         SGVsbG8sIG15IG5hbWUgaXMgQ2Fyb2w=
       </publish>
     <withdraw
         hash="421ee4ac65732d72"
         tag="Dave"
         uri="rsync://wombat.example/Dave/421ee4ac65732d72.cer"/>
     <publish
         tag="Eve"
         uri="rsync://wombat.example/Eve/9dd859b01e5c2ebd.cer">
         SGVsbG8sIG15IG5hbWUgaXMgRXZl
       </publish>
   </msg>
        
3.7.2. Successful Multi-Element Response
3.7.2. 成功的多元反应
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <success/>
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <success/>
   </msg>
        
3.7.3. Failure Multi-Element Response, First Error Only
3.7.3. 故障多元件响应,仅第一个错误
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="no_object_matching_hash"
         tag="Dave">
       <failed_pdu>
         <withdraw
             hash="421ee4ac65732d72"
             tag="Dave"
             uri="rsync://wombat.example/Dave/421ee4ac65732d72.cer"/>
       </failed_pdu>
     </report_error>
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="no_object_matching_hash"
         tag="Dave">
       <failed_pdu>
         <withdraw
             hash="421ee4ac65732d72"
             tag="Dave"
             uri="rsync://wombat.example/Dave/421ee4ac65732d72.cer"/>
       </failed_pdu>
     </report_error>
   </msg>
        
3.7.4. Failure Multi-Element Response, All Errors
3.7.4. 故障多元件响应,所有错误
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="no_object_matching_hash"
         tag="Dave">
       <failed_pdu>
         <withdraw
             hash="421ee4ac65732d72"
             tag="Dave"
             uri="rsync://wombat.example/Dave/421ee4ac65732d72.cer"/>
       </failed_pdu>
     </report_error>
     <report_error
         error_code="object_already_present"
         tag="Eve">
       <failed_pdu>
         <publish
             tag="Eve"
             uri="rsync://wombat.example/Eve/9dd859b01e5c2ebd.cer">
         SGVsbG8sIG15IG5hbWUgaXMgRXZl
       </publish>
       </failed_pdu>
     </report_error>
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <report_error
         error_code="no_object_matching_hash"
         tag="Dave">
       <failed_pdu>
         <withdraw
             hash="421ee4ac65732d72"
             tag="Dave"
             uri="rsync://wombat.example/Dave/421ee4ac65732d72.cer"/>
       </failed_pdu>
     </report_error>
     <report_error
         error_code="object_already_present"
         tag="Eve">
       <failed_pdu>
         <publish
             tag="Eve"
             uri="rsync://wombat.example/Eve/9dd859b01e5c2ebd.cer">
         SGVsbG8sIG15IG5hbWUgaXMgRXZl
       </publish>
       </failed_pdu>
     </report_error>
   </msg>
        
3.8. <list/> Query
3.8. <list/>查询
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <list/>
   </msg>
        
   <msg
       type="query"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <list/>
   </msg>
        
3.9. <list/> Reply
3.9. <list/>答复
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <list
         hash="eb719b72f0648cf4"
         uri="rsync://wombat.example/Fee/eb719b72f0648cf4.cer"/>
     <list
         hash="c7c50a68b7aa50bf"
         uri="rsync://wombat.example/Fie/c7c50a68b7aa50bf.cer"/>
     <list
         hash="f222481ded47445d"
         uri="rsync://wombat.example/Foe/f222481ded47445d.cer"/>
     <list
         hash="15b94e08713275bc"
         uri="rsync://wombat.example/Fum/15b94e08713275bc.cer"/>
   </msg>
        
   <msg
       type="reply"
       version="4"
       xmlns="http://www.hactrn.net/uris/rpki/publication-spec/">
     <list
         hash="eb719b72f0648cf4"
         uri="rsync://wombat.example/Fee/eb719b72f0648cf4.cer"/>
     <list
         hash="c7c50a68b7aa50bf"
         uri="rsync://wombat.example/Fie/c7c50a68b7aa50bf.cer"/>
     <list
         hash="f222481ded47445d"
         uri="rsync://wombat.example/Foe/f222481ded47445d.cer"/>
     <list
         hash="15b94e08713275bc"
         uri="rsync://wombat.example/Fum/15b94e08713275bc.cer"/>
   </msg>
        
4. IANA Considerations
4. IANA考虑

IANA has registered the "application/rpki-publication" media type as follows:

IANA已注册“应用程序/rpki出版物”媒体类型,如下所示:

      Type name:  application
      Subtype name:  rpki-publication
      Required parameters:  None
      Optional parameters:  None
      Encoding considerations:  binary
      Security considerations:  Carries an RPKI publication protocol
         message, as defined in RFC 8181.
      Interoperability considerations:  None
      Published specification:  RFC 8181
      Applications which use this media type: HTTP
      Additional information:
         Magic number(s):  None
         File extension(s):  None
         Macintosh File Type Code(s):  None
      Person & email address to contact for further information:
         Rob Austein <sra@hactrn.net>
      Intended usage:  COMMON
      Author/Change controller: IETF
        
      Type name:  application
      Subtype name:  rpki-publication
      Required parameters:  None
      Optional parameters:  None
      Encoding considerations:  binary
      Security considerations:  Carries an RPKI publication protocol
         message, as defined in RFC 8181.
      Interoperability considerations:  None
      Published specification:  RFC 8181
      Applications which use this media type: HTTP
      Additional information:
         Magic number(s):  None
         File extension(s):  None
         Macintosh File Type Code(s):  None
      Person & email address to contact for further information:
         Rob Austein <sra@hactrn.net>
      Intended usage:  COMMON
      Author/Change controller: IETF
        
5. Security Considerations
5. 安全考虑

The RPKI publication protocol and the data it publishes use entirely separate PKIs for authentication. The published data is authenticated within the RPKI, and this protocol has nothing to do with that authentication, nor does it require that the published objects be valid in the RPKI. The publication protocol uses a separate BPKI to authenticate its messages.

RPKI发布协议及其发布的数据使用完全独立的PKI进行身份验证。已发布的数据在RPKI中进行身份验证,该协议与该身份验证无关,也不要求已发布的对象在RPKI中有效。发布协议使用单独的BPKI对其消息进行身份验证。

Each RPKI publication protocol message is wrapped in a signed CMS message, which provides message integrity protection and an auditable form of message authentication. Because of these protections at the application layer, and because all the data being published are intended to be public information in any case, this protocol does not, strictly speaking, require the use of HTTPS or other transport security mechanisms. There may, however, be circumstances in which a particular publication operator may prefer HTTPS over HTTP anyway, as a matter of (BPKI) CA policy. Use of HTTP versus HTTPS here is, essentially, a private matter between the repository operator and its clients. Note, however, that even if a client/server pair uses HTTPS for this protocol, message authentication for this protocol is still based on the CMS signatures, not HTTPS.

每个RPKI发布协议消息都封装在签名CMS消息中,该消息提供消息完整性保护和可审核的消息身份验证形式。由于在应用层有这些保护,并且由于在任何情况下发布的所有数据都是公开信息,因此严格来说,该协议不需要使用HTTPS或其他传输安全机制。然而,在某些情况下,作为(BPKI)CA策略的一部分,特定的发布运营商可能更喜欢HTTPS而不是HTTP。在这里,HTTP与HTTPS的使用本质上是存储库运营商与其客户机之间的私事。但是,请注意,即使客户机/服务器对使用HTTPS进行此协议,此协议的消息身份验证仍然基于CMS签名,而不是HTTPS。

Although the hashes used in the <publish/> and <withdraw/> PDUs are cryptographically strong, the digest algorithm was selected for convenience in comparing these hashes with the hashes that appear in RPKI manifests. The hashes used in the <publish/> and <withdraw/> PDUs are not particularly security sensitive because these PDUs are protected by the CMS signatures. Because of this, the most likely reason for a change to this digest algorithm would be to track a corresponding change in the digest algorithm used in RPKI manifests. If and when such a change happens, it will require incrementing the version number of this publication protocol, but given that the most likely implementation of a publication server uses these hashes as lookup keys in a database, bumping the protocol version number would be a relatively minor portion of the effort of changing the algorithm.

尽管<publish/>和<draw/>PDU中使用的散列具有很强的加密能力,但选择摘要算法是为了方便将这些散列与RPKI清单中出现的散列进行比较。<publish/>和<draw/>PDU中使用的哈希不是特别安全敏感的,因为这些PDU受CMS签名的保护。因此,更改此摘要算法的最可能原因是跟踪RPKI清单中使用的摘要算法中的相应更改。如果发生这样的更改,则需要增加此发布协议的版本号,但考虑到发布服务器的最可能实现将这些哈希用作数据库中的查找键,更改协议版本号将是更改算法的相对较小的部分。

Compromise of a publication server, perhaps through mismanagement of BPKI private keys, could lead to a denial-of-service attack on the RPKI. An attacker gaining access to BPKI private keys could use this protocol to delete (withdraw) RPKI objects, leading to routing changes or failures. Accordingly, as in most PKIs, good key management practices are important.

发布服务器受损(可能是由于BPKI私钥管理不当),可能会导致对RPKI的拒绝服务攻击。获得BPKI私钥访问权限的攻击者可以使用此协议删除(撤回)RPKI对象,从而导致路由更改或失败。因此,与大多数公钥基础设施一样,良好的密钥管理做法非常重要。

6. References
6. 工具书类
6.1. Normative References
6.1. 规范性引用文件

[RELAX-NG] Clark, J., "RELAX NG Compact Syntax", OASIS Committee Specification, November 2002, <https://www.oasis-open.org/committees/relax-ng/ compact-20021121.html>.

[RELAX-NG]Clark,J.,“RELAX-NG紧凑语法”,绿洲委员会规范,2002年11月<https://www.oasis-open.org/committees/relax-ng/ compact-20021121.html>。

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <http://www.rfc-editor.org/info/rfc3986>.

[RFC3986]Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,DOI 10.17487/RFC3986,2005年1月<http://www.rfc-editor.org/info/rfc3986>.

[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, <http://www.rfc-editor.org/info/rfc4648>.

[RFC4648]Josefsson,S.,“Base16、Base32和Base64数据编码”,RFC 4648,DOI 10.17487/RFC4648,2006年10月<http://www.rfc-editor.org/info/rfc4648>.

[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI 10.17487/RFC5652, September 2009, <http://www.rfc-editor.org/info/rfc5652>.

[RFC5652]Housley,R.,“加密消息语法(CMS)”,STD 70,RFC 5652,DOI 10.17487/RFC5652,2009年9月<http://www.rfc-editor.org/info/rfc5652>.

[RFC5781] Weiler, S., Ward, D., and R. Housley, "The rsync URI Scheme", RFC 5781, DOI 10.17487/RFC5781, February 2010, <http://www.rfc-editor.org/info/rfc5781>.

[RFC5781]Weiler,S.,Ward,D.,和R.Housley,“rsync URI方案”,RFC 5781,DOI 10.17487/RFC5781,2010年2月<http://www.rfc-editor.org/info/rfc5781>.

[RFC6492] Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A Protocol for Provisioning Resource Certificates", RFC 6492, DOI 10.17487/RFC6492, February 2012, <http://www.rfc-editor.org/info/rfc6492>.

[RFC6492]Huston,G.,Loomans,R.,Ellacott,B.,和R.Austein,“资源证书供应协议”,RFC 6492,DOI 10.17487/RFC6492,2012年2月<http://www.rfc-editor.org/info/rfc6492>.

[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, <http://www.rfc-editor.org/info/rfc7230>.

[RFC7230]Fielding,R.,Ed.和J.Reschke,Ed.,“超文本传输协议(HTTP/1.1):消息语法和路由”,RFC 7230,DOI 10.17487/RFC7230,2014年6月<http://www.rfc-editor.org/info/rfc7230>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <http://www.rfc-editor.org/info/rfc8174>.

[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<http://www.rfc-editor.org/info/rfc8174>.

[SHS] National Institute of Standards and Technology, "Secure Hash Standard (SHS)", FIPS PUB 180-4, DOI 10.6028/NIST.FIPS.180-4, August 2015, <http://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.180-4.pdf>.

[SHS]国家标准与技术研究所,“安全哈希标准(SHS)”,FIPS PUB 180-4,DOI 10.6028/NIST.FIPS.180-42015年8月<http://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.180-4.pdf>。

[XML] Cowan, J., "Extensible Markup Language (XML) 1.1", W3C Consortium Recommendation REC-xml11-20060816, October 2002, <http://www.w3.org/TR/2002/CR-xml11-20021015>.

[XML]Cowan,J.,“可扩展标记语言(XML)1.1”,W3C联盟建议REC-xml11-20060816,2002年10月<http://www.w3.org/TR/2002/CR-xml11-20021015>.

6.2. Informative References
6.2. 资料性引用

[RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support Secure Internet Routing", RFC 6480, DOI 10.17487/RFC6480, February 2012, <http://www.rfc-editor.org/info/rfc6480>.

[RFC6480]Lepinski,M.和S.Kent,“支持安全互联网路由的基础设施”,RFC 6480,DOI 10.17487/RFC6480,2012年2月<http://www.rfc-editor.org/info/rfc6480>.

[RFC8182] Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein, "The RPKI Repository Delta Protocol (RRDP)", RFC 8182, DOI 10.17487/RFC8182, July 2017, <http://www.rfc-editor.org/info/rfc8182>.

[RFC8182]Bruijnzeels,T.,Muravskiy,O.,Weber,B.,和R.Austein,“RPKI存储库增量协议(RRDP)”,RFC 8182,DOI 10.17487/RFC8182,2017年7月<http://www.rfc-editor.org/info/rfc8182>.

[RFC8183] Austein, R., "An Out-of-Band Setup Protocol for Resource Public Key Infrastructure (RPKI) Production Services", RFC 8183, DOI 10.17487/RFC8183, July 2017, <http://www.rfc-editor.org/info/rfc8183>.

[RFC8183]Austein,R.,“资源公钥基础设施(RPKI)生产服务的带外设置协议”,RFC 8183,DOI 10.17487/RFC8183,2017年7月<http://www.rfc-editor.org/info/rfc8183>.

Acknowledgements

致谢

The authors would like to thank: Geoff Huston, George Michaelson, Oleg Muravskiy, Paul Wouters, Randy Bush, Rob Loomans, Robert Kisteleki, Tim Bruijnzeels, Tom Petch, and anybody else who helped along the way but whose name(s) the authors have temporarily forgotten.

作者要感谢:杰夫·休斯顿、乔治·迈克尔森、奥列格·穆拉夫斯基、保罗·沃特斯、兰迪·布什、罗伯·卢曼斯、罗伯特·基斯特莱基、蒂姆·布伦泽尔、汤姆·佩奇,以及其他在这一过程中提供帮助但作者暂时忘记了姓名的人。

Authors' Addresses

作者地址

Samuel Weiler W3C / MIT

塞缪尔·韦勒W3C/MIT

   Email: weiler@csail.mit.edu
        
   Email: weiler@csail.mit.edu
        

Anuja Sonalker STEER Tech

Anuja Sonalker转向技术公司

   Email: anuja@steer-tech.com
        
   Email: anuja@steer-tech.com
        

Rob Austein Dragon Research Labs

Rob Austein Dragon研究实验室

   Email: sra@hactrn.net
        
   Email: sra@hactrn.net