Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs)
RFC 6483
Approval announcement
Draft of message to be sent after approval:
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
sidr mailing list <sidr@ietf.org>,
sidr chair <sidr-chairs@tools.ietf.org>
Subject: Document Action: 'Validation of Route Origination using the Resource Certificate PKI and ROAs' to Informational RFC (draft-ietf-sidr-roa-validation-10.txt)
The IESG has approved the following document:
- 'Validation of Route Origination using the Resource Certificate PKI and
ROAs'
(draft-ietf-sidr-roa-validation-10.txt) as an Informational RFC
This document is the product of the Secure Inter-Domain Routing Working
Group.
The IESG contact persons are Adrian Farrel and Stewart Bryant.
A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-sidr-roa-validation/
Technical Summary
This document defines the semantics of a Route Origin Authorization
(ROA) in terms of an application of the Resource Public Key
Infrastructure (RPKI) to the validation of the origination of routes
advertised in the Border Gateway Protocol.
Working Group Summary
The initial versions of this document presented a validation algorithm
that was considerably more complex than the final verison. It was
modified and simplified over many versions and discussions. The
present document is an outcome of energetic discussions involving a
broad cross-section of the working group. The authors advocated the
original approach vigorously, but eventually accepted the group
consensus.
IP has been filed at http://datatracker.ietf.org/ipr/1204/ The
working group discussed this in Nov 2009. The WG decided
that it prefered non-IPR'd technologies, but did not reject this
work and continued with it.
Document Quality
This document is clear and submitted as Informational without anything
to be implemented. A related document describes an implementation
in the BGP decision process. The related document is itself being
implemented by at least one router vendor.
Personnel
Sandy Murphy (sandy@sparta.com) is the Document Shepherd.
Adrian Farrel (adrian/farrel@hauwei,com) is the responsible AD.
RFC Editor Note
Section 4 final sentence
s/MAY/may/
---
Section 5
OLD
A ROA validation "expires" at
the Validity To field of the signing EE certificate, or at such a
time when there is no certification path that can validate the ROA.
A ROA issuer may elect to prematurely invalidate a ROA by revoking
the EE certificate that was used to sign the ROA.
NEW
A ROA validation "expires" at
the notAfter field of the signing EE certificate, or at such a
time when there is no certification path that can validate the ROA.
A ROA issuer may elect to prematurely invalidate a ROA by revoking
the EE certificate that was used to sign the ROA.
END