Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs)
RFC 6483

Approval announcement
Draft of message to be sent after approval: 

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    sidr mailing list <sidr@ietf.org>,
    sidr chair <sidr-chairs@tools.ietf.org>
Subject: Document Action: 'Validation of Route Origination using the Resource Certificate PKI and ROAs' to Informational RFC (draft-ietf-sidr-roa-validation-10.txt)

The IESG has approved the following document:
- 'Validation of Route Origination using the Resource Certificate PKI and
   ROAs'
  (draft-ietf-sidr-roa-validation-10.txt) as an Informational RFC

This document is the product of the Secure Inter-Domain Routing Working
Group.

The IESG contact persons are Adrian Farrel and Stewart Bryant.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-sidr-roa-validation/




Technical Summary

  This document defines the semantics of a Route Origin Authorization 
  (ROA) in terms of an application of the Resource Public Key 
  Infrastructure (RPKI) to the validation of the origination of routes
  advertised in the Border Gateway Protocol.

Working Group Summary

  The initial versions of this document presented a validation algorithm
  that was considerably more complex than the final verison.  It was 
  modified and simplified over many versions and discussions.  The 
  present document is an outcome of energetic discussions involving a 
  broad cross-section of the working group.  The authors advocated the 
  original approach vigorously, but eventually accepted the group
  consensus.

   IP has been filed at http://datatracker.ietf.org/ipr/1204/  The 
   working group discussed this in Nov 2009. The WG decided
   that it prefered non-IPR'd technologies, but did not reject this
   work and continued with it.

Document Quality

  This document is clear and submitted as Informational without anything
  to be implemented. A related document describes an implementation
  in the BGP decision process.  The related document is itself being
  implemented by at least one router vendor.

Personnel

   Sandy Murphy (sandy@sparta.com) is the Document Shepherd.
   Adrian Farrel (adrian/farrel@hauwei,com) is the responsible AD.

RFC Editor Note

Section 4 final sentence
s/MAY/may/   

---

Section 5

OLD
   A ROA validation "expires" at
   the Validity To field of the signing EE certificate, or at such a
   time when there is no certification path that can validate the ROA.
   A ROA issuer may elect to prematurely invalidate a ROA by revoking
   the EE certificate that was used to sign the ROA.
NEW
   A ROA validation "expires" at
   the notAfter field of the signing EE certificate, or at such a
   time when there is no certification path that can validate the ROA.
   A ROA issuer may elect to prematurely invalidate a ROA by revoking
   the EE certificate that was used to sign the ROA.
END

RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools