RPKI Signed Object for Trust Anchor Keys
draft-ietf-sidrops-signed-tal-02
| Document | Type | Expired Internet-Draft (sidrops WG) | |
|---|---|---|---|
| Last updated | 2019-04-22 (latest revision 2018-10-19) | ||
| Replaces | draft-tbruijnzeels-sidrops-signed-tal | ||
| Stream | IETF | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
pdf
html
bibtex
|
||
| Stream | WG state | In WG Last Call | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Expired | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-ietf-sidrops-signed-tal-02.txt
Abstract
Trust Anchor Locators (TALs) [I-D.ietf-sidrops-https-tal] are used by Relying Parties in the RPKI to locate and validate Trust Anchor certificates used in RPKI validation. This document defines an RPKI signed object for Trust Anchor Keys (TAK), that can be used by Trust Anchors to signal their set of current keys and the location(s) of the accompanying CA certiifcates to Relying Parties, as well as changes to this set in the form of revoked keys and new keys, in order to support both planned and unplanned key rolls without impacting RPKI validation.
Authors
Tim Bruijnzeels
(tim@nlnetlabs.nl)
Carlos MartÃnez
(carlos@lacnic.net)
Rob Austein
(sra@hactrn.net)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)