Skip to main content

On the use of the CMS signing-time attribute in RPKI Signed Objects

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Job Snijders , Tom Harrison
Last updated 2023-06-07
Replaced by draft-ietf-sidrops-cms-signing-time
RFC stream (None)
Intended RFC status (None)
Additional resources GitHub Repository
Related Implementations
Related Implementations
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-sidrops-cms-signing-time
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


RFC 6488 standardized a template for specifying Signed Objects that can be validated using the RPKI. Since the publication of that document, a new additional protocol for distribution of RPKI repositories was developed (RFC 8182), and new insights arose with respect to querying and combining the different distribution mechanisms. This document describes how Publishers and Relying Parties can use the CMS signing-time attribute to optimize seamless transitions from RRDP to RSYNC. Additionally, this document updates RFC 6488 by mandating the presence of the CMS signing-time attribute and disallowing the binary-signing-time attribute.


Job Snijders
Tom Harrison

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)