Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: RFC Editor <email@example.com>, sidr mailing list <firstname.lastname@example.org>, sidr chair <email@example.com> Subject: Protocol Action: 'CA Key Rollover in the RPKI' to BCP (draft-ietf-sidr-keyroll-08.txt) The IESG has approved the following document: - 'CA Key Rollover in the RPKI' (draft-ietf-sidr-keyroll-08.txt) as a BCP This document is the product of the Secure Inter-Domain Routing Working Group. The IESG contact persons are Stewart Bryant and Adrian Farrel. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-sidr-keyroll/
Technical Summary This document describes how a Certification Authority (CA) in the Resource Public Key Infrastructure (RPKI) performs a planned rollover of its key pair. This document also notes the implications of this key rollover procedure for Relying Parties (RPs). In general, RPs are expected to maintain a local cache of the objects that have been published in the RPKI repository, and thus the way in which a CA performs key rollover impacts RPs. Working Group Summary The most contentious issue in the progress of this draft was an issue raised shortly after the wglc ended. The issue was discussed vigorously on the list (between a small number of members) and a change in requirements level was made, but that did not totally answer the original commenter. There was broad support for the draft during the wglc and consensus was not reached on the technical change suggested in this last discussion, so the document was progressed with the compromise requirement change only. The member bringing the issue to the list is resigned to the outcome. Document Quality This is another case in this working group in which a section of a document of long standing has been lifted out to be a draft of its own. This draft had been a topic in the res-certs profile and was extracted when the working group was asked by the security ADs to provide a plan for algorithm agility and key rollover. As such it has had the benefit of a long history of reviews of the parent document. Personnel Sandra Murphy (Sandra.Murphy@sparta.com) is the Document Shepherd for this document. Stewart Bryant (firstname.lastname@example.org) is the Responsible Area Director.