Technical Summary
This document describes how a Certification Authority (CA) in the
Resource Public Key Infrastructure (RPKI) performs a planned rollover
of its key pair. This document also notes the implications of this
key rollover procedure for Relying Parties (RPs). In general, RPs are
expected to maintain a local cache of the objects that have been
published in the RPKI repository, so the way in which a CA performs
key rollover directly affects RPs.
Working Group Summary
The most contentious issue in the progress of this draft was one
raised shortly after the working group last call (WGLC) ended. The
issue was discussed vigorously on the list (among a small number of
members) and a change in requirements level was made, but that did
not fully satisfy the original commenter. There was broad support for
the draft during the WGLC, and consensus was not reached on the
technical change suggested in this last discussion, so the document
was progressed with the compromise requirements-level change only.
The member who brought the issue to the list is resigned to the
outcome.
Document Quality
This is another case in this working group in which a long-standing
section of a document has been lifted out to become a draft of its
own. This material had been a section of the res-certs profile and
was extracted when the working group was asked by the Security Area
Directors to provide a plan for algorithm agility and key rollover.
As such, it has had the benefit of the long history of reviews of the
parent document.
Personnel
Sandra Murphy (Sandra.Murphy@sparta.com) is the Document Shepherd
for this document.
Stewart Bryant (stbryant@cisco.com) is the Responsible Area Director.