Technical Summary
This document defines a standard profile for X.509 certificates for
the purposes of supporting validation of assertions of "right-of-use"
of Internet Number Resources (INRs). The certificates issued under this profile are
used to convey the Issuer's authorisation of the Subject to be
regarded as the current holder of a "right-of-use" of the INRs that
are described in the certificate. This document contains the
normative specification of Certificate and Certificate Revocation
List (CRL) syntax in the Resource Public Key Infrastructure (RPKI).
The document also specifies profiles for the format of certificate
requests. The document also specifies the Relying Party RPKI
certificate path validation procedure.
Working Group Summary
This draft was the first draft presented to the working group and has
been a basis for other work in the working group. Several implementers
of this certificate profile have conveyed implementation experience that
has been incorporated into the draft.
Document Quality
This document is well written and clear. Over the years, portions have
been extracted to become independent drafts and the language has become
more concise as a result of detailed reviews. Although this profile
does not define a protocol, several independent implementations of this
certificate profile exist, indicating careful review.
There have been careful reviews by X.509 PKI experts and by ASN.1 experts
and their comments have been addressed.
Personnel
Sandra Murphy is the Document Shepherd for this document.
Stewart Bryant is the Responsible Area Director.
RFC Editor Note
In the References:
OLD
[ID.sidr-cp]
Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate
Policy (CP) for the Resource PKI (RPKI)", Work in
progress: Internet Drafts draft-ietf-sidr-c-13.txt,
September 2010.
NEW
[ID.sidr-cp]
Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate
Policy (CP) for the Resource PKI (RPKI)", Work in
progress: Internet Drafts draft-ietf-sidr-cp-13.txt,
September 2010.
END
In Section 4.9.6, 3rd paragraph:
OLD:
The CRL Distribution Points (CRLDP) extension identifies the
location(s) of the CRL(s) associated with certificates issued by this
Issuer. The RPKI uses the URI form of object identification. The
preferred URI access mechanism is a single RSYNC URI ("rsync://")
[RFC5781] that references a single inclusive CRL for each Issuer.
NEW:
The CRL Distribution Points (CRLDP) extension identifies the
location(s) of the CRL(s) associated with certificates issued by this
Issuer. The RPKI uses the URI [RFC3986] form of object identification. The
preferred URI access mechanism is a single RSYNC URI ("rsync://")
[RFC5781] that references a single inclusive CRL for each Issuer.
Please add [RFC3986] to the list of Normative References.
Please move [RFC5781] to the Normative References.