Resource Public Key Infrastructure (RPKI) Repository Requirements
draft-sidrops-bruijnzeels-deprecate-rsync-01

Document Type Active Internet-Draft (individual)
Last updated 2020-04-25
Stream (None)
Intended RFC status (None)
Formats plain text xml pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                     T. Bruijnzeels
Internet-Draft                                                NLnet Labs
Updates: 6841, 8182 (if approved)                                R. Bush
Intended status: Standards TrackInternet Initiative Japan & Arrcus, Inc.
Expires: October 27, 2020                                  G. Michaelson
                                                                   APNIC
                                                          April 25, 2020

   Resource Public Key Infrastructure (RPKI) Repository Requirements
              draft-sidrops-bruijnzeels-deprecate-rsync-01

Abstract

   This document formulates a plan of a phased transition to a state
   where RPKI repositories and Relying Party software performing RPKI
   Validation will use the RPKI Repository Delta Protocol (RRDP)
   [RFC8182] as the only mandatory to implement access protocol.

   In short this plan consists of the following phases.

   In phase 0, today's deployment, RRDP is supported by most, but not
   all Repositories, and most but not all RP software.

   In the proposed phase 1 RRDP will become mandatory to implement for
   Repositories, in addition to rsync.  This phase can start as soon as
   this document is published.

   Once the proposed updates are implemented by all Repositories phase 2
   will start.  In this phase RRDP will become mandatory to implement
   for all RP software, and rsync must no longer be used.

   Measurements will need to be done to help determine when it will be
   safe to transition to the final phase of this plan.  During this
   phase Repositories will no longer be required to provide rsync access
   for RPKI validation purposes.  However, they may still provide rsync
   access for direct access to files for other purposes, if desired, at
   a best effort basis.

   Although this document currently includes descriptions and updates to
   RFCs for each of these phases, we may find that it will be beneficial
   to have separate documents for the plan, and each phase, so that it
   might be more clear to all when the updates to RFCs take effect.

Bruijnzeels, et al.     Expires October 27, 2020                [Page 1]
Internet-Draft        RPKI Repository Requirements            April 2020

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 27, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Requirements notation . . . . . . . . . . . . . . . . . . . .   3
   2.  Motivation  . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Plan  . . . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Phase 0 - RPKI repositories support rsync, and optionally
           RRDP  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.2.  Phase 1 - RPKI repositories support both rsync and RRDP .   4
       3.2.1.  Current Support for RRDP in Repository Software . . .   4
       3.2.2.  Updates to RFC 6481 . . . . . . . . . . . . . . . . .   5
       3.2.3.  Measurements  . . . . . . . . . . . . . . . . . . . .   6
     3.3.  Phase 2 - All RP software prefers RRDP  . . . . . . . . .   6
       3.3.1.  RRDP support in Relying Party software  . . . . . . .   6
       3.3.2.  Updates to RFC 8182 . . . . . . . . . . . . . . . . .   6
       3.3.3.  Measurements  . . . . . . . . . . . . . . . . . . . .   7
     3.4.  Phase 3 - RPKI repositories support RRDP, and optionally

Bruijnzeels, et al.     Expires October 27, 2020                [Page 2]
Internet-Draft        RPKI Repository Requirements            April 2020

           rsync . . . . . . . . . . . . . . . . . . . . . . . . . .   7
       3.4.1.  Updates to RFC 6481 . . . . . . . . . . . . . . . . .   7
Show full document text