RFC 8209 on A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests

rfc-editor@rfc-editor.org Thu, 28 September 2017 04:14 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3926D1352DB; Wed, 27 Sep 2017 21:14:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id QAyXAmynfl9Z; Wed, 27 Sep 2017 21:14:27 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A34501352CE; Wed, 27 Sep 2017 21:14:07 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 2F7EAB814C3; Wed, 27 Sep 2017 21:13:40 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 8209 on A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, sidr@ietf.org
Message-Id: <20170928041340.2F7EAB814C3@rfc-editor.org>
Date: Wed, 27 Sep 2017 21:13:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/KgaurfAgNWYloxl6FPFOI-AIW7I>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-announce/>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2017 04:14:29 -0000

A new Request for Comments is now available in online RFC libraries.

        RFC 8209

        Title:      A Profile for BGPsec Router 
                    Certificates, Certificate Revocation Lists, 
                    and Certification Requests 
        Author:     M. Reynolds, 
                    S. Turner,
                    S. Kent
        Status:     Standards Track
        Stream:     IETF
        Date:       September 2017
        Mailbox:    mcr@islandpeaksoftware.com, 
        Pages:      15
        Characters: 29355
        Updates:    RFC 6487

        I-D Tag:    draft-ietf-sidr-bgpsec-pki-profiles-21.txt

        URL:        https://www.rfc-editor.org/info/rfc8209

        DOI:        10.17487/RFC8209

This document defines a standard profile for X.509 certificates used
to enable validation of Autonomous System (AS) paths in the Border
Gateway Protocol (BGP), as part of an extension to that protocol
known as BGPsec.  BGP is the standard for inter-domain routing in the
Internet; it is the "glue" that holds the Internet together.  BGPsec
is being developed as one component of a solution that addresses the
requirement to provide security for BGP.  The goal of BGPsec is to
provide full AS path validation based on the use of strong
cryptographic primitives.  The end entity (EE) certificates specified
by this profile are issued to routers within an AS.  Each of these
certificates is issued under a Resource Public Key Infrastructure
(RPKI) Certification Authority (CA) certificate.  These CA
certificates and EE certificates both contain the AS Resource extension.
An EE certificate of this type asserts that
the router or routers holding the corresponding private key are
authorized to emit secure route advertisements on behalf of the
AS(es) specified in the certificate.  This document also profiles the
format of certification requests and specifies Relying Party (RP)
certificate path validation procedures for these EE certificates.
This document extends the RPKI; therefore, this document updates the
RPKI Resource Certificates Profile (RFC 6487).

This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the 
standardization state and status of this protocol.  Distribution of this 
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

The RFC Editor Team
Association Management Solutions, LLC