[sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-10.txt
internet-drafts@ietf.org Fri, 22 December 2017 14:44 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: sidr@ietf.org
Delivered-To: sidr@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3543112EADD; Fri, 22 Dec 2017 06:44:16 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: sidr@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.68.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151395385619.28008.7578453053550569599@ietfa.amsl.com>
Date: Fri, 22 Dec 2017 06:44:16 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/twGOuQWmPjL2myCbFZakjSwMgIQ>
Subject: [sidr] I-D Action: draft-ietf-sidr-rpki-validation-reconsidered-10.txt
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Dec 2017 14:44:16 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Secure Inter-Domain Routing WG of the IETF. Title : RPKI Validation Reconsidered Authors : Geoff Huston George Michaelson Carlos M. Martinez Tim Bruijnzeels Andrew Lee Newton Daniel Shaw Filename : draft-ietf-sidr-rpki-validation-reconsidered-10.txt Pages : 27 Date : 2017-12-22 Abstract: This document specifies an alternative to the certificate validation procedure specified in RFC 6487 that reduces aspects of operational fragility in the management of certificates in the RPKI, while retaining essential security features. Where the procedure specified in RFC 6487 requires that Resource Certificates are rejecting entirely if they are found to over-claim any resources not contained on the issuing certificate, the validation process defined here allows an issuing Certificate Authority to chose to communicate that such Resource Certificates should be accepted for the intersection of their resources and the issuing certificate. It should be noted that the validation process defined here considers validation under a single Trust Anchor only. In particular, concerns regarding over-claims where multiple configured Trust Anchors claim overlapping resources are considered out of scope for this document. This choice is signalled by form of a set of alternative Object Identifiers (OIDs) of RFC 3779 X.509 Extensions for IP Addresses and AS Identifiers, and certificate policy for the Resource Public Key Infrastructure (RFC 6484). It should be noted that in case these OIDs are not used for any certificate under a Trust Anchor, the validation procedure defined here has the same outcome as the procedure defined in RFC 6487 Furthermore this document provides an alternative to ROA (RFC 6482), and BGPSec Router Certificate (BGPSec PKI Profiles - publication requested) validation. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-validation-reconsidered/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-sidr-rpki-validation-reconsidered-10 https://datatracker.ietf.org/doc/html/draft-ietf-sidr-rpki-validation-reconsidered-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-rpki-validation-reconsidered-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/
- [sidr] I-D Action: draft-ietf-sidr-rpki-validatio… internet-drafts