RPKI Signed Object for Trust Anchor Keys
draft-ietf-sidrops-signed-tal-05
| Document | Type | This is an older version of an Internet-Draft whose latest revision state is "Active". Expired & archived |
|---|---|---|
| | Authors | Carlos M. Martínez, George G. Michaelson, Tom Harrison, Tim Bruijnzeels, Rob Austein |
| | Last updated | 2020-07-27 (Latest revision 2020-01-15) |
| | Replaces | draft-tbruijnzeels-sidrops-signed-tal |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Additional resources | Mailing list discussion |
| Stream | WG state | In WG Last Call |
| | Document shepherd | (None) |
| IESG | IESG state | Expired |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
A Trust Anchor Locator (TAL) [I-D.ietf-sidrops-https-tal] is used by Relying Parties (RP) in the RPKI to locate and validate a Trust Anchor (TA) CA certificate used in RPKI validation. This document defines an RPKI signed object for a set of Trust Anchor Keys (TAK) that TA creators and publishers can use to signal to RPs their set of current keys and the location(s) of the accompanying CA certificates, as well as changes to this set in the form of revoked keys and new keys. The aim is to support both planned and unplanned key rolls without impacting RPKI validation.
Authors
Carlos M. Martínez
George G. Michaelson
Tom Harrison
Tim Bruijnzeels
Rob Austein
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)