draft-ietf-sidr-bgpsec-pki-profiles-20.txt   draft-ietf-sidr-bgpsec-pki-profiles-21.txt 
Secure Inter-Domain Routing Working Group M. Reynolds Secure Inter-Domain Routing Working Group M. Reynolds
Internet-Draft IPSw Internet-Draft IPSw
Updates: 6487 (if approved) S. Turner Updates: 6487 (if approved) S. Turner
Intended status: Standard Track sn3rd Intended status: Standard Track sn3rd
Expires: July 8, 2017 S. Kent Expires: July 9, 2017 S. Kent
BBN BBN
January 4, 2017 January 5, 2017
A Profile for BGPsec Router Certificates, A Profile for BGPsec Router Certificates,
Certificate Revocation Lists, and Certification Requests Certificate Revocation Lists, and Certification Requests
draft-ietf-sidr-bgpsec-pki-profiles-20 draft-ietf-sidr-bgpsec-pki-profiles-21
Abstract Abstract
This document defines a standard profile for X.509 certificates used This document defines a standard profile for X.509 certificates used
to enable validation of Autonomous System (AS) paths in the Border to enable validation of Autonomous System (AS) paths in the Border
Gateway Protocol (BGP), as part of an extension to that protocol Gateway Protocol (BGP), as part of an extension to that protocol
known as BGPsec. BGP is the standard for inter-domain routing in the known as BGPsec. BGP is the standard for inter-domain routing in the
Internet; it is the "glue" that holds the Internet together. BGPsec Internet; it is the "glue" that holds the Internet together. BGPsec
is being developed as one component of a solution that addresses the is being developed as one component of a solution that addresses the
requirement to provide security for BGP. The goal of BGPsec is to requirement to provide security for BGP. The goal of BGPsec is to
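Review bot: The "Intended status: Standard Track" line in the header block is carried over unchanged on both sides, but the IETF status name is "Standards Track"; it is worth correcting while the header is already being touched for the -21 revision. The other header changes are consistent with each other: the draft date and the expiry date both move forward by one day (January 4 to January 5, July 8 to July 9) and the draft name moves from -20 to -21.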
skipping to change at page 7, line 20 skipping to change at page 7, line 20
o The SubjectPublicKeyInfo field is specified in [ID.sidr-bgpsec- o The SubjectPublicKeyInfo field is specified in [ID.sidr-bgpsec-
algs]. algs].
o The request is signed with the algorithms specified in [ID.sidr- o The request is signed with the algorithms specified in [ID.sidr-
bgpsec-algs]. bgpsec-algs].
3.3. BGPsec Router Certificate Validation 3.3. BGPsec Router Certificate Validation
The validation procedure used for BGPsec Router Certificates is The validation procedure used for BGPsec Router Certificates is
identical to the validation procedure described in Section 7 of identical to the validation procedure described in Section 7 of
[RFC6487] (and any RFC that updates this procedure), as modified [RFC6487] (and any RFC that updates that procedure), as modified
below. For example, in step 3: "The certificate contains all field below. For example, in step 3: "The certificate contains all fields
that must be present" - refers to the fields that are required by that MUST be present" - refers to the fields that are required by
this specification. this specification.
The differences are as follows: The differences are as follows:
o BGPsec Router Certificates MUST include the BGPsec Router EKU o BGPsec Router Certificates MUST include the BGPsec Router EKU
defined in Section 3.1.3.2. defined in Section 3.1.3.2.
o BGPsec Router Certificates MUST NOT include the SIA extension. o BGPsec Router Certificates MUST NOT include the SIA extension.
o BGPsec Router Certificates MUST NOT include the IP Resource o BGPsec Router Certificates MUST NOT include the IP Resource
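Review bot: The example sentence in the Section 3.3 paragraph still does not parse after the -21 edits: in 'in step 3: "The certificate contains all fields that MUST be present" - refers to the fields ...' the verb "refers" has no subject, and "this specification" can be read as either [RFC6487] or this document. The revision fixes the plural ("fields") and the requirement keyword ("MUST") inside the quotation and changes "this procedure" to "that procedure", which are all improvements, but the sentence around the quotation would be clearer as something like: in step 3, the phrase "all fields that MUST be present" refers to the fields required by this document. Since an implementer will apply the differences listed after this paragraph (EKU present, SIA absent) as validation checks, it matters that the reader cannot mistake which profile defines the required fields.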
 End of changes. 4 change blocks. 
6 lines changed or deleted 6 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/