The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure
RFC 7935

Document Type: RFC - Proposed Standard (August 2016; No errata)
Updated by: RFC 8208
Obsoletes: RFC 6485
Last updated: 2016-09-01
Stream: IETF
WG state: Submitted to IESG for Publication
Document shepherd: Sandra Murphy
Shepherd write-up: last changed 2016-04-15
IESG state: RFC 7935 (Proposed Standard)
Consensus Boilerplate: Yes
Responsible AD: Alvaro Retana
Send notices to: aretana@cisco.com
IANA review state: IANA OK - No Actions Needed
IANA action state: No IC

Internet Engineering Task Force (IETF)                         G. Huston
Request for Comments: 7935                            G. Michaelson, Ed.
Obsoletes: 6485                                                    APNIC
Category: Standards Track                                    August 2016
ISSN: 2070-1721

                The Profile for Algorithms and Key Sizes
           for Use in the Resource Public Key Infrastructure

Abstract

   This document specifies the algorithms, algorithms' parameters,
   asymmetric key formats, asymmetric key size, and signature format for
   the Resource Public Key Infrastructure (RPKI) subscribers that
   generate digital signatures on certificates, Certificate Revocation
   Lists (CRLs), Cryptographic Message Syntax (CMS) signed objects and
   certification requests as well as for the relying parties (RPs) that
   verify these digital signatures.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by
   the Internet Engineering Steering Group (IESG).  Further
   information on Internet Standards is available in Section 2 of
   RFC 7841.

   Information about the current status of this document, any
   errata, and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7935.

Huston & Michaelson          Standards Track                    [Page 1]
RFC 7935                 RPKI Algorithm Profile              August 2016

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Algorithms  . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Asymmetric Key Pair Formats . . . . . . . . . . . . . . . . .   4
     3.1.  Public Key Format . . . . . . . . . . . . . . . . . . . .   5
     3.2.  Private Key Format  . . . . . . . . . . . . . . . . . . .   5
   4.  Signature Format  . . . . . . . . . . . . . . . . . . . . . .   5
   5.  Additional Requirements . . . . . . . . . . . . . . . . . . .   5
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   7.  Changes Applied to RFC 6485 . . . . . . . . . . . . . . . . .   6
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   This document specifies:

      *  the digital signature algorithm and parameters;

      *  the hash algorithm and parameters;

      *  the public and private key formats; and,

      *  the signature format

   used by Resource Public Key Infrastructure (RPKI) [RFC6480]
   subscribers when they apply digital signatures to certificates and
   Certificate Revocation Lists (CRLs) [RFC5280], Cryptographic Message
   Syntax (CMS) signed objects [RFC5652] (e.g., Route Origin
   Authorizations (ROAs) [RFC6482] and manifests [RFC6486]), and
   certification requests [RFC2986] [RFC4211].  Relying parties (RPs)
   also use the algorithms defined in this document to verify RPKI
   subscribers' digital signatures [RFC6480].

   The RPKI profiles and specification documents that reference RFC 6485
   now refer to this document; these documents include the RPKI
   Certificate Policy (CP) [RFC6484], the RPKI Certificate Profile
   [RFC6487], the RPKI Architecture [RFC6480], and the Signed Object
   Template for the RPKI [RFC6488].  Familiarity with these documents is
   assumed.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",