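% Internet-Draft, revision -07, marked "Work in Progress": not a published RFC.
% The url field pins this exact revision. Internet-Drafts can be revised,
% replaced or expire, so check the datatracker for the current revision before
% relying on protocol or configuration details from this document.
@techreport{snijders-constraining-rpki-trust-anchors-07,
  author      = {Snijders, Job and Buehler, Theo},
  title       = {Constraining {RPKI} Trust Anchors},
  type        = {Internet-Draft},
  number      = {draft-snijders-constraining-rpki-trust-anchors-07},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2024,
  month       = nov,
  day         = 5,
  pagetotal   = 103,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/07/},
  abstract    = {This document describes an approach for Resource Public Key
                 Infrastructure (RPKI) Relying Parties (RPs) to impose locally
                 configured Constraints on cryptographic products subordinate to
                 publicly-trusted Trust Anchors (TAs), as implemented in
                 OpenBSD's rpki-client validator. The ability to constrain a
                 Trust Anchor operator's effective signing authority to a
                 limited set of Internet Number Resources (INRs) allows Relying
                 Parties to enjoy the potential benefits of assuming trust -
                 within a bounded scope.},
}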