[sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-09.txt
internet-drafts@ietf.org Thu, 16 November 2017 07:59 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidr@ietf.org
Delivered-To: sidr@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E3E7D126BFD; Wed, 15 Nov 2017 23:59:51 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: sidr@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.66.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151081919187.28369.12154628810347674400@ietfa.amsl.com>
Date: Wed, 15 Nov 2017 23:59:51 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/-p8Br7YNj2U0jC59UTHrfrBraDM>
Subject: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-09.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2017 07:59:52 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing WG of the IETF.
Title : RPKI Validation Reconsidered
Authors : Geoff Huston
George Michaelson
Carlos M. Martinez
Tim Bruijnzeels
Andrew Lee Newton
Daniel Shaw
Filename : draft-ietf-sidr-rpki-validation-reconsidered-09.txt
Pages : 22
Date : 2017-11-15
Abstract:
This document specifies an alternative to the certificate validation
procedure specified in RFC 6487 that reduces aspects of operational
fragility in the management of certificates in the RPKI, while
retaining essential security features.
Where the procedure specified in RFC 6487 requires that Resource
Certificates are rejecting entirely if they are found to over-claim
any resources not contained on the issuing certificate, the
validation process defined here allows an issuing Certificate
Authority to chose to communicate that such Resource Certificates
should be accepted for the intersection of their resources and the
issuing certificate.
This choice is signalled by form of a set of alternative Object
Identifiers (OIDs) of RFC 3779 X.509 Extensions for IP Addresses and
AS Identifiers, and certificate policy for the Resource Public Key
Infrastructure (RFC 6484). It should be noted that in case these
OIDs are not used for any certificate under a Trust Anchor, the
validation procedure defined here has the same outcome as the
procedure defined in RFC 6487
Furthermore this document provides an alternative to ROA (RFC 6482),
and BGPSec Router Certificate (BGPSec PKI Profiles - publication
requested) validation.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-validation-reconsidered/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-sidr-rpki-validation-reconsidered-09
https://datatracker.ietf.org/doc/html/draft-ietf-sidr-rpki-validation-reconsidered-09
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-rpki-validation-reconsidered-09
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
- [sidr] I-D Action: draft-ietf-sidr-rpki-validatio… internet-drafts
- Re: [sidr] I-D Action: draft-ietf-sidr-rpki-valid… Tim Bruijnzeels