;;; -*- Lisp -*-
;;; $URL$
;;; $Id$
;;;
;;; Scratch pad for working out API design for RPKI engine.
;;;
;;; This file is pseudocode, I just wanted to take advantage of
;;; emacs's built-in support for languages with reasonable syntax.
;;;
;;; Terminology:
;;;
;;; - IRBE: Internet Registry Back End
;;;
;;; - RE: RPKI Engine

;;; Current problems:

;;; Need revoke and rekey operations for RPKI keys.  First problem is
;;; how does the IRBE name the key that is to roll if keypairs are
;;; created on the fly?  For that matter, how do we specify signature
;;; and hash algorithm, keylength, etc for RPKI keys?  Preferences?

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;
;;; Protocol operations between IRBE and RE.
;;;
;;; This is really two separate protocols over channels that might or
;;; might not be the same.  Both are client/server protocols, but for
;;; some the RE is the client and for others the IRBE is the client.
;;;
;;; This set of operations is initiated by the IRBE.
;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;
;;; This part of the protocol uses a kind of message-passing.  Each
;;; object that the RE knows about takes five messages: :create, :set,
;;; :get, :list, and :destroy.  Actions which are not just data
;;; operations on objects are handled via an SNMP-like mechanism, as
;;; if they were fields to be set.  For example, to generate a keypair
;;; one "sets" the :generate-keypair field of a biz-signing-context
;;; object, even though there is no such field in the object itself.
;;; This is a bit of a kludge, but the reason for doing it as if these
;;; were variables being set is to allow composite operations such as
;;; creating a biz-signing-context, populating all of its data fields,
;;; and generating a keypair, all as a single operation.  With this
;;; model, that's trivial, otherwise it's at least two round trips.
;;;
;;; Fields can be set in either :create or :set operations, the
;;; difference just being whether the object already exists.  A :get
;;; operation returns all visible fields of the object.  A :list
;;; operation returns a list containing what :get would have returned
;;; on each of those objects.
;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; "Self" ID context -- one RE instance.  In degenerate case there
;; will be only one, but in hosting environments there might be many.
;;
;; We haven't yet defined any standard preferences, so none are shown.
;;
;; Extensions might also show up as preferences, using the
;; extension-preference syntax.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Create a <self> context.  The reply carries the :self-id handle that
;; the later messages in this file use to name the context.
(self :action :create
      (:extension-preference "name" "Launcelot")
      (:extension-preference "quest" "Holy Grail"))
=> (self :self-id 42)

;; Set one preference and trigger several actions in a single message.
;; NOTE(review): five actions are combined here, but nothing shown says
;; in which order the RE applies them, or what the reply looks like if
;; one of them fails part-way.  That matters most for (:rekey) followed
;; by (:revoke) -- confirm and document.
(self :action :set
      :self-id 42
      (:extension-preference "color" "Blue")
      ;;
      ;; <self> objects have a lot of actions:
      ;;
      (:rekey)				; Change all RPKI keys in this context now
      (:reissue)			; Reissue any cert with changed keys
      (:revoke)				; Revoke any old keys
      (:run-now)			; Run this self context now
      (:publish-world-now))		; Publish everything in this context now
=> (self :self-id 42)

;; Read back the context: the reply lists the preferences set by the
;; :create and :set messages above; the actions do not appear as fields.
(self :action :get
      :self-id 42)
=> (self
    :self-id 42
    (:extension-preference "name" "Launcelot")
    (:extension-preference "quest" "Holy Grail")
    (:extension-preference "color" "Blue"))

;; :list takes no :self-id and the reply shown contains every <self>
;; context (42 and 99).
;; NOTE(review): for the hosting case, where one RE serves many
;; contexts, the spec should say which caller may enumerate all of
;; them -- no authorization rule is shown here.
(self :action :list)
=> ((self
     :self-id 42
     (:extension-preference "name" "Launcelot")
     (:extension-preference "quest" "Holy Grail")
     (:extension-preference "color" "Blue"))
    (self
     :self-id 99
     (:extension-preference "name" "Arthur, King of the Britons")
     (:extension-preference "quest" "Holy Grail")
     (:extension-preference "airspeed-velocity-of-an-unladen-swallow"
			    "African or European swallow?")))

;; Destroy the context; the reply echoes the handle.
;; NOTE(review): not stated what happens to the keys, certificates and
;; published objects that belong to the destroyed context -- confirm.
(self :action :destroy
      :self-id 42)
=> (self :self-id 42)

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Business signing key context -- bundles all the stuff we need to
;; sign outgoing CMS messages with a business key.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Create a signing context inside self 42, attach a certificate and ask
;; the RE to generate the keypair, all in one message.
;; NOTE(review): :sha1 is only an example value, but SHA-1 is no longer
;; collision-resistant; the example should name a SHA-2 family hash so
;; that it is not copied into a deployment as-is.
(biz-signing-context :action :create
		     :self-id 42
		     (:signing-cert cert1)
		     ;;
		     ;; Actions:
		     ;;
		     (:generate-keypair :key-type :rsa
					:hash-alg :sha1
					:key-length 2048))
=> (biz-signing-context :biz-signing-context-id 17)

;; Add a second certificate to the existing context.
;; NOTE(review): the PKCS #10 request is returned by this :set reply,
;; although the keypair was generated by the :create above, whose reply
;; carries only the id -- confirm which reply is meant to carry it.
(biz-signing-context :action :set
		     :self-id 42
		     :biz-signing-context-id 17
		     (:signing-cert cert2))
=> (biz-signing-context :biz-signing-context-id 17
			(:pkcs10-cert-request req))

;; The reply lists both certificates and only the public half of the
;; keypair; no message in this section returns private key material.
;; NOTE(review): cert1 and cert2 both appear, so setting :signing-cert
;; looks additive, and no way to remove a certificate is shown --
;; confirm how a superseded or compromised certificate is withdrawn.
(biz-signing-context :action :get
		     :self-id 42
		     :biz-signing-context-id 17)
=> (biz-signing-context :biz-signing-context-id 17
			(:signing-cert cert1)
			(:signing-cert cert2)
			(:public-key key))

;; List the signing contexts of self 42; each element has the same
;; shape as the :get reply.
(biz-signing-context :action :list
		     :self-id 42)
=> ((biz-signing-context :biz-signing-context-id 17
			 (:signing-cert cert1)
			 (:signing-cert cert2)
			 (:public-key key)))

;; Destroy the context; the reply echoes the handle.
;; NOTE(review): presumably this also discards the private key held by
;; the RE -- not stated here, confirm.
(biz-signing-context :action :destroy
		     :self-id 42
		     :biz-signing-context-id 17)
=> (biz-signing-context :biz-signing-context-id 17)


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Parent context -- represents one parent of this RE
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Register one parent of self 42.  The reply carries the :parent-id
;; handle used by the later messages.
;; NOTE(review): the meaning of :ta is not given in this file --
;; presumably the trust anchor used to check the parent's business
;; signatures; confirm.
(parent :action :create
	:self-id 42
	(:ta ta)
	(:uri uri)
	(:sia-base sia-base)
	(:biz-signing-context biz-signing-context)
	(:repository repository))
=> (parent :parent-id 666)

;; Update the data fields and trigger key-management actions in one
;; message.
;; NOTE(review): as with <self>, the order in which (:rekey), (:reissue)
;; and (:revoke) take effect is not stated -- confirm.
(parent :action :set
	:self-id 42
	:parent-id 666
	(:ta ta)
	(:uri uri)
	(:sia-base sia-base)
	(:biz-signing-context biz-signing-context)
	(:repository repository)
	;;
	;; Actions:
	;;
	(:rekey)			; Change all keys now
	(:reissue)			; Reissue all certs with changed keys now
	(:revoke))			; Revoke any old keys now
=> (parent :parent-id 666)

;; Read back the five data fields of parent 666.
(parent :action :get
	:self-id 42
	:parent-id 666)
=> (parent :parent-id 666
	   (:ta ta)
	   (:uri uri)
	   (:sia-base sia-base)
	   (:biz-signing-context biz-signing-context)
	   (:repository repository))

;; NOTE(review): this :list names a specific :parent-id, unlike the
;; (self), (biz-signing-context) and (route-origin) :list examples in
;; this file, which give at most :self-id -- probably a copy of the
;; :get request; confirm.
(parent :action :list
	:self-id 42
	:parent-id 666)
=> ((parent :parent-id 666
	    (:ta ta)
	    (:uri uri)
	    (:sia-base sia-base)
	    (:biz-signing-context biz-signing-context)
	    (:repository repository)))

;; Remove the parent; the reply echoes the handle.
(parent :action :destroy
	:self-id 42
	:parent-id 666)
=> (parent :parent-id 666)

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Child context -- represents one child of this RE
;;
;; "child-db-id" may be unnecessary -- old API had both "child" and
;; "child-id", the second of which was a settable attribute of child,
;; I'm not quite sure what it was, so here I'm calling it child-db-id
;; in case we need it for something.  Perhaps this corresponds to the
;; optional child ID in the list-resources callback to the IRBE?
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Register one child of self 42.  The reply carries the :child-id
;; handle used by the later messages.
(child :action :create
       :self-id 42
       (:ta ta)
       (:biz-signing-context biz-signing-context)
       (:child-db-id child-db-id))
=> (child :child-id 3)

;; Update the data fields and, via the (:reissue) action, have the RE
;; reissue the child's certificates.
(child :action :set
       :self-id 42
       :child-id 3
       (:ta ta)
       (:biz-signing-context biz-signing-context)
       (:child-db-id child-db-id)
       (:reissue))			; Reissue any certs to this child now
=> (child :child-id 3)

;; Read back the three data fields of child 3.
(child :action :get
       :self-id 42
       :child-id 3)
=> (child :child-id 3
	  (:ta ta)
	  (:biz-signing-context biz-signing-context)
	  (:child-db-id child-db-id))

;; NOTE(review): this :list names a specific :child-id, unlike the
;; (self) and (route-origin) :list examples in this file -- probably a
;; copy of the :get request; confirm.
(child :action :list
       :self-id 42
       :child-id 3)
=> ((child :child-id 3
	   (:ta ta)
	   (:biz-signing-context biz-signing-context)
	   (:child-db-id child-db-id)))

;; Remove the child; the reply echoes the handle.
;; NOTE(review): not stated whether certificates already issued to the
;; child are revoked when it is destroyed -- confirm.
(child :action :destroy
       :self-id 42
       :child-id 3)
=> (child :child-id 3)

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Repository context -- represents one repository in which this RE
;; publishes objects it signs.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Register one publication repository for self 42.  The reply carries
;; the :repository-id handle used by the later messages.
(repository :action :create
	    :self-id 42
	    (:uri uri)
	    (:ta ta)
	    (:biz-signing-context biz-signing-context))
=> (repository :repository-id 120)

;; Update the data fields; no actions are defined for this object.
(repository :action :set
	    :self-id 42
	    :repository-id 120
	    (:uri uri)
	    (:ta ta)
	    (:biz-signing-context biz-signing-context))
=> (repository :repository-id 120)

;; Read back the three data fields of repository 120.
(repository :action :get
	    :self-id 42
	    :repository-id 120)
=> (repository :repository-id 120
	       (:uri uri)
	       (:ta ta)
	       (:biz-signing-context biz-signing-context))

;; NOTE(review): this :list names a specific :repository-id, unlike the
;; (self) and (route-origin) :list examples in this file -- probably a
;; copy of the :get request; confirm.
(repository :action :list
	    :self-id 42
	    :repository-id 120)
=> ((repository :repository-id 120
		(:uri uri)
		(:ta ta)
		(:biz-signing-context biz-signing-context)))

;; Remove the repository; the reply echoes the handle.
(repository :action :destroy
	    :self-id 42
	    :repository-id 120)
=> (repository :repository-id 120)

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Route Origin objects (prototype and control for ROAs)
;;
;; Previous versions of this protocol handled this via queries from
;; the RE back into the IRBE, but the design group now believes that
;; an imperative interface makes more sense.  We stick to the same
;; general object model used above because ROAs are published objects,
;; thus the IRBE presumably wants some kind of handle on the ROA.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; Create an empty route-origin object in self 42.  The reply carries
;; the :route-origin-id handle used by the later messages.
(route-origin :action :create
	      :self-id 42)
=> (route-origin :route-origin-id 88)

;; Fill in the origin AS, the publish flag and the address blocks.
;; NOTE(review): :as-number and :publish are written as bare
;; keyword/value pairs here, while the :get reply shows (:as-number
;; 12345) in parentheses and no :publish at all -- confirm the syntax.
;; NOTE(review): nothing here says the RE checks the requested prefixes
;; and ranges against the resources held by self 42 before it signs and
;; publishes; that check should be stated.
(route-origin :action :set
	      :self-id 42
	      :route-origin-id 88
	      :as-number 12345
	      :publish :yes
	      (:ipv4-prefix 10.0.0.44 32)
	      (:ipv4-range  10.2.0.6 10.2.0.77)
	      (:ipv6-prefix 2002:a00:: 48)
	      (:ipv6-range  2002:a02:6:: 2002:a02:4d::))
=> (route-origin :route-origin-id 88)

;; Read back the AS number and address blocks of route-origin 88.
(route-origin :action :get
	      :self-id 42
	      :route-origin-id 88)
=> (route-origin :route-origin-id 88
		 (:as-number 12345)
		 (:ipv4-prefix 10.0.0.44 32)
		 (:ipv4-range  10.2.0.6 10.2.0.77)
		 (:ipv6-prefix 2002:a00:: 48)
		 (:ipv6-range  2002:a02:6:: 2002:a02:4d::))

;; List the route-origin objects of self 42; each element has the same
;; shape as the :get reply.
(route-origin :action :list
	      :self-id 42)
=> ((route-origin :route-origin-id 88
		  (:as-number 12345)
		  (:ipv4-prefix 10.0.0.44 32)
		  (:ipv4-range  10.2.0.6 10.2.0.77)
		  (:ipv6-prefix 2002:a00:: 48)
		  (:ipv6-range  2002:a02:6:: 2002:a02:4d::)))

;; Remove the object; the reply echoes the handle.
;; NOTE(review): presumably this also withdraws a ROA that was already
;; published -- not stated here, confirm.
(route-origin :action :destroy
	      :self-id 42
	      :route-origin-id 88)
=> (route-origin :route-origin-id 88)

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; "Blind object signing" would probably be another imperative message
;; to be added above, similar to (route-origin).
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;
;;; Protocol operations between IRBE and RE.
;;;
;;; This is really two separate protocols over channels that might or
;;; might not be the same.  Both are client/server protocols, but for
;;; some the RE is the client and for others the IRBE is the client.
;;;
;;; This set of operations is initiated by the RE.
;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; The RE asks the IRBE which resources a subject holds.  The reply
;; carries an expiry time (:valid-until) and one or more groups of
;; prefixes, ranges and AS numbers.
;; NOTE(review): "10.2..0.6" in the second group is not a valid dotted
;; quad -- presumably 10.2.0.6.
;; NOTE(review): the meaning of the second and later groups, and of
;; :subset-ipv4-prefix, is not explained in this file -- confirm.
;; NOTE(review): not stated how the RE treats data whose :valid-until
;; has passed -- confirm.
(list-resources :self-id 42		; issuer id
		&optional		; If left off, we're asking about self rather than child
		:child id)		; subject id
=> (resources :valid-until 2008-04-01T00:00:00Z
    ((:ipv4-prefix 10.0.0.44 32)
     (:ipv4-prefix 10.3.0.44 32)
     (:ipv6-prefix fe80:dead:beef:: 48)
     (:as-number 666))
    ((:subject-name "wombats are us")	; Allowed in protocol, but RE may reject with error
     (:subset-ipv4-prefix 10.0.0.0 8)
     (:ipv4-prefix 10.2..0.6 32)
     (:ipv6-prefix fe80:dead:beef:: 48)
     (:ipv6-range fe80:dead:beef:: fe80:dead:beef::49)
     (:as-number 666))
    ...)

;; The RE reports an error to the IRBE; the reply is empty.
;; NOTE(review): :bag-of-data has no defined format here, so the
;; receiver should treat it as opaque data, bound its size and escape
;; it before logging or display -- confirm once a format is chosen.
(report-error :self-id 42
	      :error-token :your-hair-is-on-fire
	      :bag-of-data whatever)
=> ()