This document specifies the process that Certification Authorities
(CAs) and Relying Parties (RPs) participating in the Resource Public
Key Infrastructure (RPKI) will need to follow to transition to a new
(and probably cryptographically stronger) algorithm set. The process
is expected to be completed in a time scale of several years.
Consequently, no emergency transition is specified. The transition
procedure defined in this document supports only a top-down migration
(parent migrates before children).

Working Group Summary

During WGLC there was some prolonged discussion on whether the IETF
is the right body for publishing a set of milestones for different phases of
algorithm migration and which other entities should be involved (IANA,
NROs, etc.). The issue was discussed and the text was improved in this
There was also an extended discussion during WGLC on whether
top-down migration is the right way to do algorithm migration. I think
the WG still supports this approach.
This document is not specifying a protocol, so there are no
implementations. However, considering past history in the
Security Area with algorithm migration in different protocols,
such a migration event is quite likely if RPKI ends up being
used for any significant period of time.
Alexey Melnikov is the Document Shepherd.
Stewart Bryant is the Responsible Area Director.

RFC Editor Note

Please change the Intended Status from Proposed Standard to BCP.