[sidr] I-D Action: draft-ietf-sidr-rpki-tree-validation-01.txt

internet-drafts@ietf.org Fri, 08 July 2016 22:51 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidr@ietf.org
Delivered-To: sidr@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 544A112D1D5; Fri, 8 Jul 2016 15:51:23 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.25.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160708225123.32075.21604.idtracker@ietfa.amsl.com>
Date: Fri, 08 Jul 2016 15:51:23 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/0B27E7M8ocRWx2m-Wye8mGoz5X8>
Cc: sidr@ietf.org
Subject: [sidr] I-D Action: draft-ietf-sidr-rpki-tree-validation-01.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 22:51:23 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing of the IETF.

        Title           : RPKI Certificate Tree Validation by a Relying Party Tool
        Authors         : Oleg Muravskiy
                          Tim Bruijnzeels
	Filename        : draft-ietf-sidr-rpki-tree-validation-01.txt
	Pages           : 12
	Date            : 2016-07-08

   This document describes the approach to validate the content of the
   RPKI certificate tree, as used by the RIPE NCC RPKI Validator.  This
   approach is independent of a particular object retrieval mechanism.
   This allows it to be used with repositories available over the rsync
   protocol, the RPKI Repository Delta Protocol, and repositories that
   use a mix of both.

   This algorithm does not rely on content of repository directories,
   but uses the Authority Key Identifier (AKI) field of a manifest and a
   certificate revocation list (CRL) objects to discover manifest and
   CRL objects issued by a particular Certificate Authority (CA).  It
   further uses the hashes of manifest entries to discover other objects
   issued by the CA.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at: