Technical Summary
This document defines the semantics of a Route Origin Authorization
(ROA) in terms of an application of the Resource Public Key
Infrastructure (RPKI) to the validation of the origination of routes
advertised in the Border Gateway Protocol.
Working Group Summary
The initial versions of this document presented a validation algorithm
that was considerably more complex than the final version. It was
modified and simplified over many versions and discussions. The
present document is an outcome of energetic discussions involving a
broad cross-section of the working group. The authors advocated the
original approach vigorously, but eventually accepted the group
consensus.
An IPR disclosure has been filed at http://datatracker.ietf.org/ipr/1204/. The
working group discussed this in Nov 2009. The WG decided
that it preferred non-IPR'd technologies, but did not reject this
work and continued with it.
Document Quality
This document is clear and submitted as Informational without anything
to be implemented. A related document describes an implementation
in the BGP decision process. The related document is itself being
implemented by at least one router vendor.
Personnel
Sandy Murphy (sandy@sparta.com) is the Document Shepherd.
Adrian Farrel (adrian.farrel@huawei.com) is the responsible AD.
RFC Editor Note
Section 4 final sentence
s/MAY/may/
---
Section 5
OLD
A ROA validation "expires" at
the Validity To field of the signing EE certificate, or at such a
time when there is no certification path that can validate the ROA.
A ROA issuer may elect to prematurely invalidate a ROA by revoking
the EE certificate that was used to sign the ROA.
NEW
A ROA validation "expires" at
the notAfter field of the signing EE certificate, or at such a
time when there is no certification path that can validate the ROA.
A ROA issuer may elect to prematurely invalidate a ROA by revoking
the EE certificate that was used to sign the ROA.
END