Hash Of Root Key Certificate Extension
RFC 8649

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: rdd@cert.org, lamps-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lamps-hash-of-root-key-cert-extn@ietf.org, spasm@ietf.org, Tim Hollebeek <tim.hollebeek@digicert.com>, tim.hollebeek@digicert.com, rfc-editor@rfc-editor.org
Subject: Document Action: 'Hash Of Root Key Certificate Extension' to Informational RFC (draft-ietf-lamps-hash-of-root-key-cert-extn-07.txt)

The IESG has approved the following document:
- 'Hash Of Root Key Certificate Extension'
  (draft-ietf-lamps-hash-of-root-key-cert-extn-07.txt) as Informational RFC

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-hash-of-root-key-cert-extn/


Technical Summary

This document specifies the Hash Of Root Key certificate extension.
This certificate extension is carried in the self-signed certificate
for a trust anchor, which is often called a Root Certification
Authority (CA) certificate.  This certificate extension unambiguously
identifies the next public key that will be used at some point in the
future as the next Root CA certificate, eventually replacing the
current one.

Working Group Summary

There is consensus for this document in the LAMPS WG.

Document Quality

This extension is part of the specifications that will be used
in at least one new PKI.  In addition, the Secure Electronic
Transaction (SET) specification published by MasterCard and VISA
in 1997 includes a very similar certificate extension.  The SET
certificate extension has essentially the same semantics, but the
syntax fairly different.

Personnel

Tim Hollebeek is the document shepherd.
Roman Danyliw is the responsible area director.