Manifests for the Resource Public Key Infrastructure (RPKI)
RFC 6486

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    sidr mailing list <sidr@ietf.org>,
    sidr chair <sidr-chairs@tools.ietf.org>
Subject: Protocol Action: 'Manifests for the Resource Public Key Infrastructure' to Proposed Standard (draft-ietf-sidr-rpki-manifests-14.txt)

The IESG has approved the following document:
- 'Manifests for the Resource Public Key Infrastructure'
  (draft-ietf-sidr-rpki-manifests-14.txt) as a Proposed Standard

This document is the product of the Secure Inter-Domain Routing Working
Group.

The IESG contact persons are Stewart Bryant and Adrian Farrel.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-manifests/


Technical Summary

This document defines a "manifest" for use in the Resource Public Key
Infrastructure (RPKI).  A manifest is a signed object (file) that
contains a listing of all the signed objects (files) in the
repository publication point (directory) associated with an authority
responsible for publishing in the repository.  For each certificate,
Certificate Revocation List (CRL), or other type of signed object
issued by the authority that are published at this repository
publication point, the manifest contains both the name of the file
containing the object and a hash of the file content.  Manifests are
intended to enable a relying party (RP) to detect certain forms of
attacks against a repository.  Specifically, if an RP checks a
manifest's contents against the signed objects retrieved from a
repository publication point, then the RP can detect "stale" (valid)
data and deletion of signed objects.

Working Group Summary

This document specifies an object that is needed to protect against
some attacks (deletion, replay, etc.) on repositories in the
distributed RPKI.  The need for this object was recognized by RPKI
implementors and conveyed to the working group.  The working group
supported making this a mandatory part of the repository system.

Document Quality

The document is well written and clear. Implementations of the RPKI
exist, which must include this mandatory object, indicating a detailed
coding level review. Implemenation experience has been reflected in
changes to this document.

Personnel

Sandra Murphy is the Document Shepherd for this document.
Stewart Bryant is the Responsible Area Director.