Skip to main content

A Default Validation Policy for the use of RPKI Manifests in the global Internet Routing System.

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Job Snijders
Last updated 2020-11-16 (Latest revision 2020-05-04)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Manifests are a critical cornerstone to the global Resource Public Key Infrastructure (RPKI). RFC 6486 describes a validation decision tree which introduced the notion of 'local policy', creating space for ambiguity. This ambiguity has led to various RPKI implementations producing different output when presented with the same input, but also leads to severe operational security implications. This document updates RFC 6486 and introduces the notion of a default policy for Manifest validation to encourage harmony between implementations.


Job Snijders

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)