Internet Engineering Task Force (IETF) G. Huston Request for Comments: 6485 APNIC Category: Standards Track February 2012 ISSN: 2070-1721
Internet Engineering Task Force (IETF) G. Huston Request for Comments: 6485 APNIC Category: Standards Track February 2012 ISSN: 2070-1721
The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)
用于资源公钥基础设施(RPKI)的算法和密钥大小配置文件
Abstract
摘要
This document specifies the algorithms, algorithms' parameters, asymmetric key formats, asymmetric key size, and signature format for the Resource Public Key Infrastructure (RPKI) subscribers that generate digital signatures on certificates, Certificate Revocation Lists, and signed objects as well as for the relying parties (RPs) that verify these digital signatures.
本文档规定了资源公钥基础设施(RPKI)订阅者的算法、算法参数、非对称密钥格式、非对称密钥大小和签名格式,这些订阅者为证书、证书撤销列表和签名对象以及依赖方(RPs)生成数字签名验证这些数字签名的。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6485.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6485.
Copyright Notice
版权公告
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2012 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
This document specifies:
本文件规定:
* the digital signature algorithm and parameters; * the hash algorithm and parameters; * the public and private key formats; and, * the signature format
* 数字签名算法和参数;*哈希算法和参数;*公钥和私钥格式;以及*签名格式
used by Resource Public Key Infrastructure (RPKI) subscribers when they apply digital signatures to certificates, Certificate Revocation Lists (CRLs), and signed objects (e.g., Route Origin Authorizations (ROAs) and manifests). Relying parties (RPs) also use the algorithms defined in this document to verify RPKI subscribers' digital signatures [RFC6480].
资源公钥基础设施(RPKI)订阅者在将数字签名应用于证书、证书吊销列表(CRL)和签名对象(例如路由来源授权(ROA)和清单)时使用。依赖方(RPs)也使用本文件中定义的算法来验证RPKI订户的数字签名[RFC6480]。
This document is referenced by other RPKI profiles and specifications, including the RPKI Certificate Policy (CP) [RFC6484], the RPKI Certificate Profile [RFC6487], the SIDR Architecture [RFC6480], and the Signed Object Template for the RPKI [RFC6488]. Familiarity with these documents is assumed.
本文档被其他RPKI配置文件和规范引用,包括RPKI证书策略(CP)[RFC6484]、RPKI证书配置文件[RFC6487]、SIDR体系结构[RFC6480]和RPKI的签名对象模板[RFC6488]。假设熟悉这些文档。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
Two cryptographic algorithms are used in the RPKI:
RPKI中使用了两种加密算法:
* The signature algorithm used in certificates, CRLs, and signed objects is RSA Public-Key Cryptography Standards (PKCS) #1 Version 1.5 (sometimes referred to as "RSASSA-PKCS1-v1_5") from Section 5 of [RFC4055].
* 证书、CRL和签名对象中使用的签名算法是[RFC4055]第5节中的RSA公钥加密标准(PKCS)#1版本1.5(有时称为“RSASSA-PKCS1-v1_5”)。
* The hashing algorithm used in certificates, CRLs, and signed objects is SHA-256 [SHS]. The hashing algorithm is not identified by itself when used in certificates and CRLs, as they are combined with the digital signature algorithm (see below).
* 证书、CRL和签名对象中使用的哈希算法是SHA-256[SHS]。在证书和CRL中使用哈希算法时,哈希算法本身无法识别,因为它们与数字签名算法结合在一起(见下文)。
When used in the Cryptographic Message Syntax (CMS) SignedData, the hash algorithm (in this case, the hash algorithm is sometimes called a message digest algorithm) is identified by itself. For CMS SignedData, the object identifier and parameters for SHA-256 (as defined in [RFC5754]) MUST be used
在加密消息语法(CMS)SignedData中使用时,哈希算法(在本例中,哈希算法有时称为消息摘要算法)由其自身识别。对于CMS SignedData,必须使用SHA-256(定义见[RFC5754])的对象标识符和参数
when populating the digestAlgorithms and digestAlgorithm fields.
填充digestAlgorithms和digestAlgorithm字段时。
NOTE: The exception to the above hashing algorithm is the use of SHA-1 [SHS] when Certification Authorities (CAs) generate authority and subject key identifiers [RFC6487].
注:上述散列算法的例外情况是,当证书颁发机构(CA)生成授权和主题密钥标识符[RFC6487]时,使用SHA-1[SHS]。
When used to generate and verify digital signatures the hash and digital signature algorithms are referred together, i.e., "RSA PKCS#1 v1.5 with SHA-256" or more simply "RSA with SHA-256". The Object Identifier (OID) sha256withRSAEncryption from [RFC4055] MUST be used.
当用于生成和验证数字签名时,散列算法和数字签名算法一起引用,即“RSA PKCS#1 v1.5 with SHA-256”或更简单的“RSA with SHA-256”。必须使用[RFC4055]中带有RSA加密的对象标识符(OID)SHA256。
Locations for this OID are as follows:
此OID的位置如下所示:
In the certificate, the OID appears in the signature and signatureAlgorithm fields [RFC4055];
在证书中,OID出现在签名和signatureAlgorithm字段[RFC4055]中;
In the CRL, the OID appears in the signatureAlgorithm field [RFC4055];
在CRL中,OID出现在signatureAlgorithm字段[RFC4055]中;
In CMS SignedData, the OID appears in each SignerInfo signatureAlgoithm field [RFC3370] using the OID from above; and,
在CMS SignedData中,OID使用上面的OID显示在每个SignerInfo SignatureAlgothm字段[RFC3370]中;和
In a certification request, the OID appears in the PKCS #10 signatureAlgorithm field [RFC2986] or in the Certificate Request Message Format (CRMF) POPOSigningKey signature field [RFC4211].
在认证请求中,OID出现在PKCS#10 signatureAlgorithm字段[RFC2986]或证书请求消息格式(CRMF)POPOSigningKey签名字段[RFC4211]中。
The RSA key pairs used to compute the signatures MUST have a 2048-bit modulus and a public exponent (e) of 65,537.
用于计算签名的RSA密钥对必须具有2048位模和65537的公共指数(e)。
The subject's public key is included in subjectPublicKeyInfo [RFC5280]. It has two sub-fields: algorithm and subjectPublicKey. The values for the structures and their sub-structures follow:
主题的公钥包含在主题公钥信息[RFC5280]中。它有两个子字段:算法和subjectPublicKey。结构及其子结构的值如下所示:
algorithm (which is an AlgorithmIdentifier type): The object identifier for RSA PKCS#1 v1.5 with SHA-256 MUST be used in the algorithm field, as specified in Section 5 of [RFC4055]. The value for the associated parameters from that clause MUST also be used for the parameters field.
算法(属于算法标识符类型):如[RFC4055]第5节所述,算法字段中必须使用RSA PKCS#1 v1.5和SHA-256的对象标识符。该子句中关联参数的值也必须用于参数字段。
subjectPublicKey: RSAPublicKey MUST be used to encode the certificate's subjectPublicKey field, as specified in [RFC4055].
subjectPublicKey:rsPublicKey必须用于对证书的subjectPublicKey字段进行编码,如[RFC4055]中所述。
Local policy determines the private key format.
本地策略确定私钥格式。
The structure for the certificate's signature field is as specified in Section 1.2 of [RFC4055]. The structure for the CMS SignedData's signature field is as specified in [RFC3370].
证书签名字段的结构如[RFC4055]第1.2节所述。CMS SignedData签名字段的结构如[RFC3370]所述。
It is anticipated that the RPKI will require the adoption of updated key sizes and a different set of signature and hash algorithms over time, in order to maintain an acceptable level of cryptographic security to protect the integrity of signed products in the RPKI. This profile should be replaced to specify such future requirements, as and when appropriate.
预计RPKI将需要随着时间的推移采用更新的密钥大小和一组不同的签名和散列算法,以保持可接受的加密安全级别,以保护RPKI中签名产品的完整性。在适当的情况下,应替换该概要文件,以规定此类未来要求。
CAs and RPs SHOULD be capable of supporting a transition to allow for the phased introduction of additional encryption algorithms and key specifications, and also accommodate the orderly deprecation of previously specified algorithms and keys. Accordingly, CAs and RPs SHOULD be capable of supporting multiple RPKI algorithm and key profiles simultaneously within the scope of such anticipated transitions. The recommended procedures to implement such a transition of key sizes and algorithms is not specified in this document.
CAs和RPs应能够支持过渡,以允许分阶段引入额外的加密算法和密钥规范,并适应之前指定的算法和密钥的有序弃用。因此,CAs和RPs应能够在此类预期转换的范围内同时支持多个RPKI算法和密钥配置文件。本文件未规定实现密钥大小和算法转换的推荐程序。
The Security Considerations of [RFC4055], [RFC5280], and [RFC6487] apply to certificates and CRLs. The Security Considerations of [RFC5754] apply to signed objects. No new security threats are introduced as a result of this specification.
[RFC4055]、[RFC5280]和[RFC6487]的安全注意事项适用于证书和CRL。[RFC5754]的安全注意事项适用于签名对象。本规范不会引入新的安全威胁。
The author acknowledges the reuse in this document of material originally contained in working drafts of the RPKI Certificate Policy [RFC6484] and the resource certificate profile [RFC6487] documents. The co-authors of these two documents, namely Stephen Kent, Derrick Kong, Karen Seo, Ronald Watro, George Michaelson, and Robert Loomans, are acknowledged, with thanks. The constraint on key size noted in this profile is the outcome of comments from Stephen Kent and review comments from David Cooper. Sean Turner has provided additional review input to this document.
作者承认在本文件中重新使用了最初包含在RPKI证书政策[RFC6484]和资源证书概要文件[RFC6487]工作草案中的材料。感谢这两份文件的共同作者斯蒂芬·肯特、德里克·孔、凯伦·塞、罗纳德·瓦特罗、乔治·迈克尔森和罗伯特·卢曼斯。本简介中提到的关键尺寸限制是Stephen Kent的评论和David Cooper的评论的结果。Sean Turner为本文件提供了额外的审查输入。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification Request Syntax Specification Version 1.7", RFC 2986, November 2000.
[RFC2986]Nystrom,M.和B.Kaliski,“PKCS#10:认证请求语法规范版本1.7”,RFC 2986,2000年11月。
[RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002.
[RFC3370]Housley,R.,“加密消息语法(CMS)算法”,RFC3370,2002年8月。
[RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, June 2005.
[RFC4055]Schaad,J.,Kaliski,B.,和R.Housley,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件中使用的RSA加密的其他算法和标识符”,RFC 4055,2005年6月。
[RFC4211] Schaad, J., "Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)", RFC 4211, September 2005.
[RFC4211]Schaad,J.“Internet X.509公钥基础设施证书请求消息格式(CRMF)”,RFC 42112005年9月。
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.
[RFC5280]Cooper,D.,Santesson,S.,Farrell,S.,Boeyen,S.,Housley,R.,和W.Polk,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 52802008年5月。
[RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic Message Syntax", RFC 5754, January 2010.
[RFC5754]Turner,S.,“将SHA2算法与加密消息语法结合使用”,RFC 5754,2010年1月。
[RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support Secure Internet Routing", RFC 6480, February 2012.
[RFC6480]Lepinski,M.和S.Kent,“支持安全互联网路由的基础设施”,RFC 6480,2012年2月。
[RFC6484] Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)", BCP 173, RFC 6484, February 2012.
[RFC6484]Kent,S.,Kong,D.,Seo,K.,和R.Watro,“资源公钥基础设施(RPKI)的证书政策(CP)”,BCP 173,RFC 6484,2012年2月。
[RFC6487] Husotn, G., Michaelson, G., and R. Loomans, "A Profile for X.509 PKIX Resource Certificates", RFC 6487, February 2012.
[RFC6487]Husotn,G.,Michaelson,G.,和R.Loomans,“X.509 PKIX资源证书的配置文件”,RFC 6487,2012年2月。
[RFC6488] Lepinski, M., Chi, A., and S. Kent, "Signed Object Template for the Resource Public Key Infrastructure (RPKI)", RFC 6488, February 2012.
[RFC6488]Lepinski,M.,Chi,A.,和S.Kent,“资源公钥基础设施(RPKI)的签名对象模板”,RFC 6488,2012年2月。
[SHS] National Institute of Standards and Technology (NIST), "FIPS Publication 180-3: Secure Hash Standard (SHS)", FIPS Publication 180-3, October 2008.
[SHS]国家标准与技术研究所(NIST),“FIPS出版物180-3:安全哈希标准(SHS)”,FIPS出版物180-3,2008年10月。
Author's Address
作者地址
Geoff Huston APNIC
杰夫·休斯顿呼吸暂停
EMail: gih@apnic.net
EMail: gih@apnic.net