Skip to main content

BGPsec Router Certificate Rollover

Document Type Replaced Internet-Draft (sidrops WG)
Expired & archived
Authors Roque Gagliano , Brian Weis , Keyur Patel
Last updated 2016-12-01 (Latest revision 2016-10-25)
Replaces draft-rogaglia-sidr-bgpsec-rollover
Replaced by RFC 8634
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state (None)
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-sidrops-bgpsec-rollover
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD Joel Jaeggli
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


BGPsec will need to address the impact from regular and emergency rollover processes for the BGPsec End-Entity (EE) certificates that will be performed by Certificate Authorities (CAs) participating at the Resource Public Key Infrastructure (RPKI). Rollovers of BGPsec EE certificates must be carefully managed in order to synchronize distribution of router public keys and the usage of those pubic keys by BGPsec routers. This document provides general recommendations for that process, as well as describing reasons why the rollover of BGPsec EE certificates might be necessary.


Roque Gagliano
Brian Weis
Keyur Patel

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)