[Sidrops] Last Call: <draft-ietf-sidrops-cms-signing-time-06.txt> (On the use of the CMS signing-time attribute in RPKI Signed Objects) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Mon, 26 February 2024 16:53 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: sidrops@ietf.org
Delivered-To: sidrops@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 57D83C151091; Mon, 26 Feb 2024 08:53:31 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 12.6.1
Auto-Submitted: auto-generated
Precedence: bulk
CC: draft-ietf-sidrops-cms-signing-time@ietf.org, housley@vigilsec.com, sidrops-chairs@ietf.org, sidrops@ietf.org, warren@kumari.net
Reply-To: last-call@ietf.org
Sender: iesg-secretary@ietf.org
Message-ID: <170896641133.52515.10086461092362060374@ietfa.amsl.com>
Date: Mon, 26 Feb 2024 08:53:31 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/g80mbcIfaihh60yH_YpuyakIgU0>
Subject: [Sidrops] Last Call: <draft-ietf-sidrops-cms-signing-time-06.txt> (On the use of the CMS signing-time attribute in RPKI Signed Objects) to Proposed Standard

The IESG has received a request from the SIDR Operations WG (sidrops) to
consider the following document: - 'On the use of the CMS signing-time
attribute in RPKI Signed Objects'
  <draft-ietf-sidrops-cms-signing-time-06.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2024-03-11. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


   In the Resource Public Key Infrastructure (RPKI), Signed Objects are
   defined as Cryptographic Message Syntax (CMS) protected content types
   by way of a standard template (RFC 6488).  That template includes an
   optional CMS signing-time attribute, representing the purported time
   at which the object was signed by its issuer.  At the time when the
   standard template was defined, rsync was the only distribution
   mechanism for RPKI repositories.

   Since the publication of the standard template, a new, additional
   protocol for distribution of RPKI repositories has been developed:
   the RPKI Repository Delta Protocol (RRDP).  While RPKI repository
   operators must provide rsync service, RRDP is typically deployed
   alongside it as well, and preferred by default by most Relying Party
   (RP) implementations.  However, RP implementations also support
   fallback to rsync in the event of problems with the RRDP service.  As
   deployment experience with RRDP has increased, the usefulness of
   optimizing switchovers by RPs from one mechanism to the other has
   become apparent.

   This document describes how Publishers and RPs can use the CMS
   signing-time attribute to minimize the burden of switching over from
   RRDP to rsync.  Additionally, this document updates RFC 6488 by
   mandating the presence of the CMS signing-time attribute and
   disallowing the use of the binary-signing-time attribute.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-cms-signing-time/

No IPR declarations have been submitted directly on this I-D.