Tiebreaking Resource Public Key Infrastructure (RPKI) Trust Anchors
draft-ietf-sidrops-rpki-ta-tiebreaker-05
| Document | Type | Active Internet-Draft (sidrops WG) | |
|---|---|---|---|
| Authors | Job Snijders , Theo Buehler , Ties de Kock | ||
| Last updated | 2026-06-01 (Latest revision 2026-05-29) | ||
| Replaces | draft-spaghetti-sidrops-rpki-ta-tiebreaker | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | Proposed Standard | ||
| Formats | |||
| Reviews |
GENART IETF Last Call review
(of
-04)
by Christer Holmberg
Ready w/issues
ARTART IETF Last Call Review due 2026-06-01
Incomplete
SECDIR IETF Last Call Review due 2026-06-01
Incomplete
|
||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Russ Housley | ||
| Shepherd write-up | Show Last changed 2026-05-13 | ||
| IESG | IESG state | IESG Evaluation | |
| Action Holder | |||
| Consensus boilerplate | Yes | ||
| Telechat date |
On agenda of 2026-06-18 IESG telechat
Needs 5 more YES or NO OBJECTION positions to pass. |
||
| Responsible AD | Mohamed Boucadair | ||
| Send notices to | housley@vigilsec.com | ||
| IANA | IANA review state | Version Changed - Review Needed |
draft-ietf-sidrops-rpki-ta-tiebreaker-05
SIDROPS J. Snijders
Internet-Draft BSD
Updates: 8630 (if approved) T. Buehler
Intended status: Standards Track OpenBSD
Expires: 30 November 2026 T. de Kock
RIPE NCC
29 May 2026
Tiebreaking Resource Public Key Infrastructure (RPKI) Trust Anchors
draft-ietf-sidrops-rpki-ta-tiebreaker-05
Abstract
A Trust Anchor (TA) in the Resource Public Key Infrastructure (RPKI)
is represented by a self-signed X.509 Certification Authority (CA)
certificate. Over time, Relying Parties (RP) may have acquired
multiple different issuances of valid TA certificates from the same
TA operator. This document specifies a tiebreaking scheme to be used
by RPs to select one TA certificate for certification path
validation. This document updates RFC 8630.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 30 November 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
Snijders, et al. Expires 30 November 2026 [Page 1]
Internet-Draft Tiebreaking RPKI Trust Anchors May 2026
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Related Work . . . . . . . . . . . . . . . . . . . . . . 3
2. Updates to RFC 8630 . . . . . . . . . . . . . . . . . . . . . 3
3. Security Considerations . . . . . . . . . . . . . . . . . . . 5
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
5.1. Normative References . . . . . . . . . . . . . . . . . . 5
5.2. Informative References . . . . . . . . . . . . . . . . . 6
Appendix A. Implementation status . . . . . . . . . . . . . . . 6
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction
In the Resource Public Key Infrastructure (RPKI) hierarchical
structure, a Trust Anchor (TA) is an authority for which trust is
assumed and not derived. TA operators periodically reissue TA
certificates to update the validity period (Section 4.1.2.5 of
[RFC5280]), the Subject Information Access (SIA) extension
(Section 4.2.2.2 of [RFC5280]), Certificate Policies extension
(Section 4.2.1.4 of [RFC5280]), and the Internet Number Resources
(INR) ([RFC3779]).
Relying Parties (RPs) periodically fetch TA certificates from online
locations and verify that the key of the self-signed certificate
matches the key embedded in its associated Trust Anchor Locator (TAL)
[RFC8630]. This transfer may happen via an unauthenticated channel,
and the certificate is verified by checking that it is signed by the
public key in the TAL. After retrieving a TA certificate, RPs have a
choice between using a previously retrieved locally cached copy of
the TA certificate and the newly-retrieved instance of the TA
certificate, provided that both certificates are valid.
Periodic reissuance of TA certificates is a way of ensuring that the
RPKI remains healthy at its root by avoiding ossification and
retaining agility, consequently RPs re-fetch the certificates to
adopt changes in the TA's INR [RFC3779] and SIA [RFC5280] extensions.
In the past, some TA certificates were issued with unreasonably long
validity periods, in some cases up to a century. Since TA
certificates are the root, and thus have no Certificate Revocation
Snijders, et al. Expires 30 November 2026 [Page 2]
Internet-Draft Tiebreaking RPKI Trust Anchors May 2026
List (CRL) [RFC5280] covering their own scope, TA operators cannot
revoke previously issued TA certificates. This means that an on-path
adversary or a caching network element could present RPs with an
older instance of the TA certificate than the TA operator intends RPs
to use.
This document specifies a tiebreaking scheme for RPs, preferring (1)
the 'more recently' issued TA certificate, (2) the TA certificate
with the shortest validity period among certificates with equal
notBefore (Section 4.6.1 of [RFC6487]), and (3) the 'most recently
fetched' instance of the TA certificate among certificates with equal
notBefore and equal notAfter (Section 4.6.2 of [RFC6487]). This
establishes a preorder over TA certificates issued by the same TA,
permitting the issuance of a certificate that is preferred over any
previous certificate.
This document updates Section 3 of [RFC8630].
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
1.2. Related Work
It is assumed that the reader is familiar with the terms and concepts
described in "Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile" [RFC5280] and "A
Profile for Resource Certificate Repository Structure" [RFC6481].
2. Updates to RFC 8630
* This paragraph in Section 3 of [RFC8630] is replaced as follows.
OLD
| In order to use the TAL to retrieve and validate a (putative)
| TA, an RP SHOULD:
|
| 1. Retrieve the object referenced by (one of) the TA URI(s)
| contained in the TAL.
|
| 2. Confirm that the retrieved object is a current, self-signed
| RPKI CA certificate that conforms to the profile as
| specified in [RFC6487].
Snijders, et al. Expires 30 November 2026 [Page 3]
Internet-Draft Tiebreaking RPKI Trust Anchors May 2026
|
| 3. Confirm that the public key in the TAL matches the public
| key in the retrieved object.
|
| 4. Perform other checks, as deemed appropriate (locally), to
| ensure that the RP is willing to accept the entity
| publishing this self-signed CA certificate to be a TA.
| These tests apply to the validity of attestations made in
| the context of the RPKI relating to all resources described
| in the INR extension(s) of this certificate.
NEW
| In order to use the TAL to retrieve and validate a (putative)
| TA, an RP SHOULD:
|
| 1. Retrieve the object referenced by (one of) the TA URI(s)
| contained in the TAL. If this step fails, use the locally
| cached copy of the TA referenced by the TAL previously
| retrieved.
|
| 2. Confirm that the newly-retrieved object is a current,
| validly self-signed RPKI CA certificate that conforms to
| the profile as specified in [RFC6487]. If this step fails,
| use the locally cached TA.
|
| 3. Confirm that the public key in the TAL matches the public
| key in the newly-retrieved putative TA. If this step
| fails, use the locally cached TA.
|
| 4. Check whether the newly-retrieved TA has a more recent
| notBefore than the locally cached TA. If the notBefore of
| the newly-retrieved TA is less recent, use the locally
| cached TA.
|
| 5. If the notBefore dates are equal, check whether the newly-
| retrieved TA has a shorter validity period than the locally
| cached TA. If the validity period of the newly-retrieved
| TA is longer, use the locally cached TA.
|
| 6. If the validity period is equal, and the newly-retrieved TA
| differs from the cached TA, use the newly-retrieved TA. In
| the unlikely event that this step is reached, it seems most
| likely that the TA operator intended for RPs to use the TA
| that is currently published.
Snijders, et al. Expires 30 November 2026 [Page 4]
Internet-Draft Tiebreaking RPKI Trust Anchors May 2026
3. Security Considerations
When RPs inadvertently use a different instance of the TA certificate
than that which the TA operator intended for RPs to use, the
certification path validation process will yield an unexpected
outcome. Some examples of unexpected outcomes are validation
failures or replay attacks. Standardization of a tiebreaking scheme
helps both RP and TA operators arrive at deterministic outcomes. The
specified tiebreaking scheme prevents RPs from accepting a previous
certificate presented by an on-path adversary in the presence of
other TA certificate material.
4. IANA Considerations
This document has no IANA actions.
5. References
5.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP
Addresses and AS Identifiers", RFC 3779,
DOI 10.17487/RFC3779, June 2004,
<https://www.rfc-editor.org/info/rfc3779>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>.
[RFC6481] Huston, G., Loomans, R., and G. Michaelson, "A Profile for
Resource Certificate Repository Structure", RFC 6481,
DOI 10.17487/RFC6481, February 2012,
<https://www.rfc-editor.org/info/rfc6481>.
[RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for
X.509 PKIX Resource Certificates", RFC 6487,
DOI 10.17487/RFC6487, February 2012,
<https://www.rfc-editor.org/info/rfc6487>.
Snijders, et al. Expires 30 November 2026 [Page 5]
Internet-Draft Tiebreaking RPKI Trust Anchors May 2026
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8630] Huston, G., Weiler, S., Michaelson, G., Kent, S., and T.
Bruijnzeels, "Resource Public Key Infrastructure (RPKI)
Trust Anchor Locator", RFC 8630, DOI 10.17487/RFC8630,
August 2019, <https://www.rfc-editor.org/info/rfc8630>.
5.2. Informative References
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>.
[rpki-client]
Jeker, C., Snijders, J., Dzonsons, K., and T. Buehler,
"rpki-client 9.1", June 2024,
<https://www.rpki-client.org/>.
[rpki-prover]
Puzanov, M., "rpki-prover", August 2024,
<https://github.com/lolepezy/rpki-prover/pull/218>.
Appendix A. Implementation status
This section is to be removed before publishing as an RFC.
This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC7942].
The description of implementations in this section is intended to
assist the IETF in its decision processes in progressing drafts to
RFCs. Please note that the listing of any individual implementation
here does not imply endorsement by the IETF. Furthermore, no effort
has been spent to verify the information presented here that was
supplied by IETF contributors. This is not intended as, and must not
be construed to be, a catalog of available implementations or their
features. Readers are advised to note that other implementations may
exist.
According to [RFC7942], "this will allow reviewers and working groups
to assign due consideration to documents that have the benefit of
running code, which may serve as evidence of valuable experimentation
and feedback that have made the implemented protocols more mature.
It is up to the individual working groups to use this information as
they see fit".
Snijders, et al. Expires 30 November 2026 [Page 6]
Internet-Draft Tiebreaking RPKI Trust Anchors May 2026
* OpenBSD [rpki-client]
* Mikhail Puzanov's [rpki-prover]
Acknowledgements
The authors wish to thank Tim Bruijnzeels, George Michaelson, Tom
Harrison Russ Housley, Mohamed Boucadair, and Christer Holmberg for
their review and feedback.
Authors' Addresses
Job Snijders
BSD Software Development
Amsterdam
The Netherlands
Email: job@bsd.nl
URI: https://www.bsd.nl
Theo Buehler
OpenBSD
Switzerland
Email: tb@openbsd.org
Ties de Kock
RIPE NCC
Amsterdam
Netherlands
Email: tdekock@ripe.net
Snijders, et al. Expires 30 November 2026 [Page 7]