
Template for a Certification Practice Statement (CPS) for the Resource PKI (RPKI)
draft-ietf-sidr-cps-04

Document type: Active Internet-Draft (sidr WG)
Document stream: IETF
Last updated: 2014-08-14 (latest revision 2014-04-28)
Intended RFC status: Best Current Practice

IETF State: Submitted to IESG for Publication
Consensus: Unknown
Document shepherd: Chris Morrow
Shepherd Write-Up: Last changed 2014-06-13

IESG State: RFC Ed Queue
IANA Review State: IANA OK - No Actions Needed
IANA Action State: No IC
RFC Editor State: AUTH48
Responsible AD: Alia Atlas
Send notices to: sidr-chairs@tools.ietf.org, draft-ietf-sidr-cps@tools.ietf.org

Secure Inter-Domain Routing (sidr)                             Kent, S.
Internet Draft                                                 Kong, D.
Expires: October 2014                                           Seo, K.
Intended Status: BCP                                   BBN Technologies
                                                             April 2014

       Template for a Certification Practice Statement (CPS) for the
                            Resource PKI (RPKI)
                        draft-ietf-sidr-cps-04.txt

Abstract

   This document contains a template to be used for creating a
   Certification Practice Statement (CPS) for an Organization that is
   part of the Resource Public Key Infrastructure (RPKI), e.g., a
   resource allocation registry or an ISP.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on October 31, 2014.

Table of Contents

   Preface...........................................................7
   1. Introduction...................................................8
      1.1. Overview..................................................8

Kong, Seo & Kent         Expires October 2014                  [Page 1]
Internet-Draft        Template CPS for the RPKI              April 2014

      1.2. Document Name and Identification..........................9
      1.3. PKI Participants..........................................9
         1.3.1. Certification Authorities............................9
         1.3.2. Registration Authorities............................10
         1.3.3. Subscribers.........................................10
         1.3.4. Relying Parties.....................................10
         1.3.5. Other Participants..................................10
      1.4. Certificate Usage........................................10
         1.4.1. Appropriate Certificate Uses........................10
         1.4.2. Prohibited Certificate Uses.........................11
      1.5. Policy Administration....................................11
         1.5.1. Organization administering the document.............11
         1.5.2. Contact Person......................................11
         1.5.3. Person Determining CPS Suitability for the Policy...11
         1.5.4. CPS Approval Procedures.............................11
      1.6. Definitions and Acronyms.................................11
   2. Publication and Repository Responsibilities...................14
      2.1. Repositories.............................................14
      2.2. Publication of Certification Information.................14
      2.3. Time or Frequency of Publication.........................14
      2.4. Access Controls on Repositories..........................14
   3. Identification And Authentication.............................15
      3.1. Naming...................................................15
         3.1.1. Types of Names......................................15
         3.1.2. Need for Names to be Meaningful.....................15
         3.1.3. Anonymity or Pseudonymity of Subscribers............15
         3.1.4. Rules for Interpreting Various Name Forms...........15
         3.1.5. Uniqueness of Names.................................15
         3.1.6. Recognition, Authentication, and Role of Trademarks.16
      3.2. Initial Identity Validation..............................16
         3.2.1. Method to Prove Possession of Private Key...........16
         3.2.2. Authentication of Organization Identity.............16
         3.2.3. Authentication of Individual Identity...............16
         3.2.4. Non-verified Subscriber Information.................17
         3.2.5. Validation of Authority.............................17
         3.2.6. Criteria for Interoperation.........................17
      3.3. Identification and Authentication for Re-key Requests....17
         3.3.1. Identification and Authentication for Routine Re-key.17
         3.3.2. Identification and Authentication for Re-key after
         Revocation.................................................18
