Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)
RFC 6489

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    sidr mailing list <sidr@ietf.org>,
    sidr chair <sidr-chairs@tools.ietf.org>
Subject: Protocol Action: 'CA Key Rollover in the RPKI' to BCP (draft-ietf-sidr-keyroll-08.txt)

The IESG has approved the following document:
- 'CA Key Rollover in the RPKI'
  (draft-ietf-sidr-keyroll-08.txt) as a BCP

This document is the product of the Secure Inter-Domain Routing Working
Group.

The IESG contact persons are Stewart Bryant and Adrian Farrel.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-sidr-keyroll/


Technical Summary

This document describes how a Certification Authority (CA) in the
Resource Public Key Infrastructure (RPKI) performs a planned rollover
of its key pair. This document also notes the implications of this
key rollover procedure for Relying Parties (RPs). In general, RPs are
expected to maintain a local cache of the objects that have been
published in the RPKI repository, and thus the way in which a CA
performs key rollover impacts RPs.

Working Group Summary

The most contentious issue in the progress of this draft was one
raised shortly after the Working Group Last Call (WGLC) ended.  The
issue was discussed vigorously on the list (between a small number of
members) and a change in requirements level was made, but that did not
fully satisfy the original commenter.  There was broad support for the
draft during the WGLC, and consensus was not reached on the technical
change suggested in this last discussion, so the document was progressed
with the compromise requirement change only.  The member who brought the
issue to the list is resigned to the outcome.


Document Quality
This is another case in this working group in which a section of
a document of long standing has been lifted out to be a draft of
its own.  This draft had been a topic in the res-certs profile
and was extracted when the working group was asked by the security
ADs to provide a plan for algorithm agility and key rollover.  As
such it has had the benefit of a long history of reviews of the
parent document.

Personnel

Sandra Murphy (Sandra.Murphy@sparta.com) is the Document Shepherd
for this document.
Stewart Bryant (stbryant@cisco.com) is the Responsible Area Director.