A Profile for BGPSEC Router Certificates
draft-reynolds-bgpsec-rtrcerts-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Mark Reynolds | ||
| Last updated | 2011-06-02 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document defines a standard profile for X.509 certificates for the purposes of supporting validation of Autonomous System (AS) paths in the Border Gateway Protocol (BGP), as part of an extension to that protocol known as BGPSEC. BGP is a critical component for the proper operation of the Internet as a whole. The BGPSEC protocol is under development as a component to address the requirement to provide security for the BGP protocol. The goal of BGPSEC is to design a protocol for full AS path validation based on the use of strong cryptographic primitives. The end-entity (EE) certificates specified by this profile are issued under Resource PKI (RPKI) CA certificates, containing the RFC 3779 AS number extension, to routers within the autonomous system. The certificate asserts that the router(s) holding the public key are authorized to send out secure route advertisements on behalf of the specified autonomous system. Note that since these certificates extend the RPKI [ID.sidr-arch], this profile is based on the profile for RPKI resource certificates [ID.res-cert-prof].
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)