
X.509 Extensions for IP Addresses and AS Identifiers
RFC 3779

Document type: RFC - Proposed Standard (June 2004; Errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3779 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: No addresses provided

Network Working Group                                            C. Lynn
Request for Comments: 3779                                       S. Kent
Category: Standards Track                                         K. Seo
                                                        BBN Technologies
                                                               June 2004

          X.509 Extensions for IP Addresses and AS Identifiers

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document defines two X.509 v3 certificate extensions.  The first
   binds a list of IP address blocks, or prefixes, to the subject of a
   certificate.  The second binds a list of autonomous system
   identifiers to the subject of a certificate.  These extensions may be
   used to convey the authorization of the subject to use the IP
   addresses and autonomous system identifiers contained in the
   extensions.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
       1.1.  Terminology. . . . . . . . . . . . . . . . . . . . . . .  3
   2.  IP Address Delegation Extension. . . . . . . . . . . . . . . .  5
       2.1.  Context. . . . . . . . . . . . . . . . . . . . . . . . .  5
             2.1.1.  Encoding of an IP Address or Prefix. . . . . . .  5
             2.1.2.  Encoding of a Range of IP Addresses. . . . . . .  7
       2.2.  Specification. . . . . . . . . . . . . . . . . . . . . .  8
             2.2.1.  OID. . . . . . . . . . . . . . . . . . . . . . .  8
             2.2.2.  Criticality. . . . . . . . . . . . . . . . . . .  9
             2.2.3.  Syntax . . . . . . . . . . . . . . . . . . . . .  9
                     2.2.3.1.  Type IPAddrBlocks. . . . . . . . . . .  9
                     2.2.3.2.  Type IPAddressFamily . . . . . . . . .  9
                     2.2.3.3.  Element addressFamily. . . . . . . . . 10
                     2.2.3.4.  Element ipAddressChoice and Type
                               IPAddressChoice. . . . . . . . . . . . 10

Lynn, et al.                Standards Track                     [Page 1]
RFC 3779         X.509 Extensions for IP Addr and AS ID        June 2004

                     2.2.3.5.  Element inherit. . . . . . . . . . . . 10
                     2.2.3.6.  Element addressesOrRanges. . . . . . . 10
                     2.2.3.7.  Type IPAddressOrRange. . . . . . . . . 11
                     2.2.3.8.  Element addressPrefix and Type
                               IPAddress. . . . . . . . . . . . . . . 11
                     2.2.3.9.  Element addressRange and Type
                               IPAddressRange . . . . . . . . . . . . 12
       2.3.  IP Address Delegation Extension Certification Path
             Validation . . . . . . . . . . . . . . . . . . . . . . . 12
   3.  Autonomous System Identifier Delegation Extension. . . . . . . 13
       3.1.  Context  . . . . . . . . . . . . . . . . . . . . . . . . 13
       3.2.  Specification. . . . . . . . . . . . . . . . . . . . . . 13
             3.2.1.  OID. . . . . . . . . . . . . . . . . . . . . . . 13
             3.2.2.  Criticality. . . . . . . . . . . . . . . . . . . 14
             3.2.3.  Syntax . . . . . . . . . . . . . . . . . . . . . 14
                     3.2.3.1.  Type ASIdentifiers . . . . . . . . . . 14
                     3.2.3.2.  Elements asnum, rdi, and Type
                               ASIdentifierChoice . . . . . . . . . . 14
                     3.2.3.3.  Element inherit. . . . . . . . . . . . 15
                     3.2.3.4.  Element asIdsOrRanges. . . . . . . . . 15
                     3.2.3.5.  Type ASIdOrRange . . . . . . . . . . . 15
                     3.2.3.6.  Element id . . . . . . . . . . . . . . 15
                     3.2.3.7.  Element range. . . . . . . . . . . . . 15
                     3.2.3.8.  Type ASRange . . . . . . . . . . . . . 15
                     3.2.3.9.  Elements min and max . . . . . . . . . 15
                     3.2.3.10. Type ASId. . . . . . . . . . . . . . . 15
       3.3.  Autonomous System Identifier Delegation Extension
             Certification Path Validation. . . . . . . . . . . . . . 16
   4.  Security Considerations. . . . . . . . . . . . . . . . . . . . 16
   5.  Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 16
   Appendix A -- ASN.1 Module . . . . . . . . . . . . . . . . . . . . 17
   Appendix B -- Examples of IP Address Delegation Extensions . . . . 18
   Appendix C -- Example of an AS Identifier Delegation Extension . . 21
