B.5 Feasibility of the direct cross-certification approach
33.3103GPPAuthentication Framework (AF)Network Domain Security (NDS)TS
This chapter discusses the direct cross-certification, i.e. manual cross-certification approach, where operators are doing the cross-certification operation only when agreeing to set up a tunnel with another operator. This tunnel setup is a legal and technical operation in any case, so it is feasible to do also the cross-certification at this time, removing the need for the initial step to cross-certify with the Bridge CA.
There is no technical difference regarding the feasibility of direct cross-certification or Bridge CA in the context of GRX or non-GRX environment. GRX might be one possible choice for providing the Bridge CA services.
B.5.1 Benefits of direct cross-certification
The benefits of the direct cross-certification is that as a mechanism it is well known, supported widely by current PKI products and there even exists an evolution path to a Bridge CA solution if the products come to support it adequately, a Bridge CA is established, and the number of operators becomes so large to warrant the use of the Bridge CA technology. Bridge CA uses the cross-certification mechanisms in any case.
The tunnel configuration would look like the following:
– Local-Subnetwork = some ipv6 subnetwork address;
– TrustedCA’s = LocalCA.
The information of which operator is allowed access is implicit in the direct cross-certifications that have been done by the LocalCA, thus authentication and access control are tightly connected. If different foreign operators need to access different subnetworks, there would be separate tunnel configurations with SEG IP address for each, including an "AllowedCertificateSubject" limitation. The "AllowedCertificateSigner" limitation is not needed as necessary in this model (compared to the bridge CA model), since the set of operators which can be authenticated are only the ones, that have previously been agreed to trust when doing the direct cross-certification. In the bridge CA case, the set of operators which can be authenticated includes all operators who have joined to the bridge.
B.5.2 Memory and processing power requirements
In case of direct cross-certification, each operator shall store the certificates issued for the other operators locally. They could be stored in the SEG devices, or then in a common repository.
Memory and processing power requirement are not an issue.
B.5.3 Shortcomings
As discussed in the previous section, the Bridge CA approach saves memory or storage space in SEGs, because all the other operators SEG CA certificates do not need to be stored with other operators. Just the Bridge CA certificate would be stored, and other certificates retrieved during IKE negotiation.
B.5.4 Possible evolution path to a Bridge CA
If needed, it is possible to take the Bridge CA into use gradually, given that the support by PKI products becomes reality. From one operator’s point of view, the bridge CA would be like any other operator so far, and a cross-certification would be made, but additionally the name constraints in the certificate issued for the Bridge CA should be updated every time a new roaming agreement is made.
Annex C (informative):
Decision for the CRL repository access protocol for SEGs
In order to document the decision for the protocol for SEGs to access CRL repositories, this section summarises technical advantages and disadvantages of the two candidates.
LDAP
+ implemented by all PKI products (unless purely manual)
+ scalability
+ flexibility (integration possibility to other systems, automatic public key retrieval possibility)
– complexity
HTTP
+ simple
– not supported by all PKI products (although widely supported)
LDAP was chosen as the more future-proof protocol. Although more complex than HTTP, LDAP is well established amongst PKI vendors and operators.
Annex D (informative):
Decision for storing the cross-certificates in CR
In order to document the decision for storing the cross-certificates in Certificate Repository, fetching those with LDAP and caching them in SEGs, this section summarises technical advantages and disadvantages of the three alternatives.
The following table summarizes differences between alternatives:
Table D.1
|
Issue |
A) Cross-certificates are stored into SEGs: |
B) Cross-certificates are stored into CRs: |
C) Cross-certificates are stored into CRs and cached in SEGs upon usage: |
|
1) Initialization issues: storing the cross-certificate during the cross-certification |
The cross-certificate is initially stored in several places, that is, into all SEGs (estimated number is between 2 and 10). Pros: – Cons: Certificate is initially copied in several places. SEGs from different manufacturers may have other O&M interfaces to handle the certificates. |
The cross-certificate is initially stored in CR. Pros: The handling is fully standardized. Certificate is initially copied in one place only. The operator should have the repository anyway (due to CRL handling). Cons: – |
The cross-certificate is initially stored in CR. Pros and cons as in B). |
|
2) Usage issues: latency during the IKE Phase 1 |
Pros: No extra latency Cons: – |
Pros: – Cons: More latency caused by extra LDAP query (the cross-certificate is queried) |
Pros & cons: as in B) at the first time, and as in A) at subsequent times |
|
3) Cleanup issues: removing the cross-certificate |
Pros: – Cons: The cross-certificate is removed from several places, that is, from all SEGs |
Pros: The cross-certificate is removed from one single place only Cons: – |
Pros: – Cons: The cross-certificate is removed from both CR and each SEG. |
|
NOTE: this functionality is needed only to be able to revoke cross-certificates before the next CRL gets published. |
|||
|
4) Security issues |
Pros: No single point of failure exists. Cons: – |
Pros: – Cons: CR represents a single point of failure suitable for an attacker, e.g. to submit a denial of service attack by breaking the communication at the CR. |
Pros: Single point of failure partly mitigated Cons: – |
Analysis:
– Alternative B) requires one additional LDAP query in every IKE Phase 1 negotiation and will introduce new error cases
– Latency of LDAP: information from LDAP to local disk is cached and populating it takes some time, but in practice this time is not significant.
– The benefit of alternative B) and C) compared to alternative A) is easier management, that is, storing and removing the certificate in/from one single place only.
Conclusion: alternative C) is the most feasible choice, because it combines good points of alternatives A) and B).
Annex E (informative):
TLS protocol profile
The TLS protocol profiles are located in TS 33.210 [1].
Annex F (informative):
Manual handling of TLS certificates