A Profile for BGPSEC Router Certificates, Certificate Revocation Lists, and Certification Requests
draft-ietf-sidr-bgpsec-pki-profiles-10

Document Type Expired Internet-Draft (sidr WG)
Last updated 2015-07-25 (latest revision 2015-01-21)
Replaces draft-turner-sidr-bgpsec-pki-profiles
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html
Stream WG state Waiting for WG Chair Go-Ahead
Waiting for Referenced Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-sidr-bgpsec-pki-profiles-10.txt

Abstract

This document defines a standard profile for X.509 certificates for the purposes of supporting validation of Autonomous System (AS) paths in the Border Gateway Protocol (BGP), as part of an extension to that protocol known as BGPSEC. BGP is a critical component for the proper operation of the Internet as a whole. The BGPSEC protocol is under development as a component to address the requirement to provide security for the BGP protocol. The goal of BGPSEC is to design a protocol for full AS path validation based on the use of strong cryptographic primitives. The end-entity (EE) certificates specified by this profile are issued under Resource Public Key Infrastructure (RPKI) Certification Authority (CA) certificates, containing the AS Identifier Delegation extension, to routers within the Autonomous System (AS) or ASes. The certificate asserts that the router(s) holding the private key are authorized to send out secure route advertisements on behalf of the specified AS(es). This document also profiles the Certificate Revocation List (CRL), profiles the format of certification requests, and specifies Relying Party certificate path validation procedures. The document extends the RPKI; therefore, this documents updates the RPKI Resource Certificates Profile (RFC 6487).

Authors

Mark Reynolds (mcr@islandpeaksoftware.com)
spt (turners@ieca.com)
Stephen Kent (kent@bbn.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)