This document describes the approach to validate the content of the
RPKI certificate tree, as it is implemented in the RIPE NCC RPKI
Validator. This approach is independent of a particular object
retrieval mechanism. This allows it to be used with repositories
available over the rsync protocol, the RPKI Repository Delta
Protocol, and repositories that use a mix of both.
This document describes how the RIPE NCC RPKI Validator version 2.23
has been implemented. Source code for this software can be found at
[github]. The purpose of this document is to provide transparency to
users of (and contributors to) this software tool, as well as to
subject it to scrutiny by the SIDR Operations Working Group. It
is not intended as a document that describes a standard or best
practices on how validation should be done in general.
Working Group Summary
No particularly difficult notes from the WG; this document
describes the operations of a particular piece of infrastructure;
it's not changing live things.
"Are there existing implementations of the protocol?"
Yup, that's the whole purpose of this document :-). It
is an Informational specification, "published for the
general information of the Internet community, and
does not represent an Internet community consensus
or recommendation. The Informational designation is
intended to provide for the timely publication of a very
broad range of responsible informational documents
from many sources, subject only to editorial
considerations and to verification that there has been
adequate coordination with the standards process".
There are 3 outdated references, which can be handled by
the RFC Editor:
draft-ietf-sidr-delta-protocol -> RFC 8182
draft-ietf-sidr-rpki-validation-reconsidered -> RFC 8360
RFC 6485, obsoleted by RFC 7935
Chris Morrow is DS
Warren Kumari is RAD (that *never* gets old!)