Manifests for the Resource Public Key Infrastructure (RPKI)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org>, sidr mailing list <email@example.com>, sidr chair <firstname.lastname@example.org> Subject: Protocol Action: 'Manifests for the Resource Public Key Infrastructure' to Proposed Standard (draft-ietf-sidr-rpki-manifests-14.txt) The IESG has approved the following document: - 'Manifests for the Resource Public Key Infrastructure' (draft-ietf-sidr-rpki-manifests-14.txt) as a Proposed Standard This document is the product of the Secure Inter-Domain Routing Working Group. The IESG contact persons are Stewart Bryant and Adrian Farrel. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-manifests/
Technical Summary This document defines a "manifest" for use in the Resource Public Key Infrastructure (RPKI). A manifest is a signed object (file) that contains a listing of all the signed objects (files) in the repository publication point (directory) associated with an authority responsible for publishing in the repository. For each certificate, Certificate Revocation List (CRL), or other type of signed object issued by the authority that are published at this repository publication point, the manifest contains both the name of the file containing the object and a hash of the file content. Manifests are intended to enable a relying party (RP) to detect certain forms of attacks against a repository. Specifically, if an RP checks a manifest's contents against the signed objects retrieved from a repository publication point, then the RP can detect "stale" (valid) data and deletion of signed objects. Working Group Summary This document specifies an object that is needed to protect against some attacks (deletion, replay, etc.) on repositories in the distributed RPKI. The need for this object was recognized by RPKI implementors and conveyed to the working group. The working group supported making this a mandatory part of the repository system. Document Quality The document is well written and clear. Implementations of the RPKI exist, which must include this mandatory object, indicating a detailed coding level review. Implemenation experience has been reflected in changes to this document. Personnel Sandra Murphy is the Document Shepherd for this document. Stewart Bryant is the Responsible Area Director.