Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Resource Public Key Infrastructure (RPKI) Validation Reconsidered
RFC 8360

Revision differences

From revision

To revision

Diff format

Document history

Date	By	Action
2020-01-21	(System)	Received changes through RFC Editor sync (added Verified Errata tag)
2019-02-14	(System)	Received changes through RFC Editor sync (added Errata tag)
2018-12-19	(System)	Received changes through RFC Editor sync (changed abstract to 'This document specifies an alternative to the certificate validation procedure specified in RFC 6487 that reduces … Received changes through RFC Editor sync (changed abstract to 'This document specifies an alternative to the certificate validation procedure specified in RFC 6487 that reduces aspects of operational fragility in the management of certificates in the Resource Public Key Infrastructure (RPKI), while retaining essential security features. The procedure specified in RFC 6487 requires that Resource Certificates are rejected entirely if they are found to overclaim any resources not contained on the issuing certificate, whereas the validation process defined here allows an issuing Certification Authority (CA) to chose to communicate that such Resource Certificates should be accepted for the intersection of their resources and the issuing certificate. It should be noted that the validation process defined here considers validation under a single trust anchor (TA) only. In particular, concerns regarding overclaims where multiple configured TAs claim overlapping resources are considered out of scope for this document. This choice is signaled by a set of alternative Object Identifiers (OIDs) per "X.509 Extensions for IP Addresses and AS Identifiers" (RFC 3779) and "Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)" (RFC 6484). It should be noted that in case these OIDs are not used for any certificate under a trust anchor, the validation procedure defined here has the same outcome as the procedure defined in RFC 6487. Furthermore, this document provides an alternative to Route Origin Authorization (ROA) (RFC 6482) and BGPsec Router Certificate (BGPsec PKI Profiles -- publication requested) validation.')
2018-04-04	(System)	Received changes through RFC Editor sync (created alias RFC 8360, changed title to 'Resource Public Key Infrastructure (RPKI) Validation Reconsidered', changed abstract to 'This … Received changes through RFC Editor sync (created alias RFC 8360, changed title to 'Resource Public Key Infrastructure (RPKI) Validation Reconsidered', changed abstract to 'This document specifies an alternative to the certificate validation procedure specified in RFC 6487 that reduces aspects of operational fragility in the management of certificates in the Resource Public Key Infrastructure (RPKI), while retaining essential security features.', changed pages to 29, changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2018-04-04, changed IESG state to RFC Published)
2018-04-04	(System)	RFC published