draft-ietf-sidr-cps-03.txt   draft-ietf-sidr-cps-04.txt 
Secure Inter-Domain Routing (sidr) Kent, S. Secure Inter-Domain Routing (sidr) Kent, S.
Internet Draft Kong, D. Internet Draft Kong, D.
Expires: April 2014 Seo, K. Expires: October 2014 Seo, K.
Intended Status: BCP BBN Technologies Intended Status: BCP BBN Technologies
October 2013 April 2014
Template for a Certification Practice Statement (CPS) for the Template for a Certification Practice Statement (CPS) for the
Resource PKI (RPKI) Resource PKI (RPKI)
draft-ietf-sidr-cps-03.txt draft-ietf-sidr-cps-04.txt
Abstract Abstract
This document contains a template to be used for creating a This document contains a template to be used for creating a
Certification Practice Statement (CPS) for an Organization that is Certification Practice Statement (CPS) for an Organization that is
part of the Resource Public Key Infrastructure (RPKI), e.g., a part of the Resource Public Key Infrastructure (RPKI), e.g., a
resource allocation registry or an ISP. resource allocation registry or an ISP.
Status of this Memo Status of this Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as work in progress." material or to cite them other than as work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 31,2014. This Internet-Draft will expire on October 31,2014.
Table of Contents Table of Contents
Preface...........................................................7 Preface...........................................................7
1. Introduction...................................................8 1. Introduction...................................................8
1.1. Overview..................................................8 1.1. Overview..................................................8
1.2. Document Name and Identification..........................9 1.2. Document Name and Identification..........................9
1.3. PKI Participants..........................................9 1.3. PKI Participants..........................................9
1.3.1. Certification Authorities............................9 1.3.1. Certification Authorities............................9
1.3.2. Registration Authorities............................10 1.3.2. Registration Authorities............................10
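Review bot: the expiry line in the status boilerplate still has a spacing slip, "October 31,2014" with no space after the comma. The -03 text had the same slip (on an April 31 date that does not exist), so write it as "October 31, 2014" while this line is being changed.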
skipping to change at page 7, line 7 skipping to change at page 7, line 7
9.16.3. Severability.......................................40 9.16.3. Severability.......................................40
9.16.4. Enforcement (attorneys' fees and waiver of rights).40 9.16.4. Enforcement (attorneys' fees and waiver of rights).40
9.16.5. Force Majeure......................................40 9.16.5. Force Majeure......................................40
10. Security Considerations......................................41 10. Security Considerations......................................41
11. IANA Considerations..........................................41 11. IANA Considerations..........................................41
12. Acknowledgments..............................................41 12. Acknowledgments..............................................41
13. References...................................................42 13. References...................................................42
13.1. Normative References....................................42 13.1. Normative References....................................42
13.2. Informative References..................................42 13.2. Informative References..................................42
Author's Addresses...............................................43 Author's Addresses...............................................43
Copyright Statement..............................................44 Copyright Statement..............................................43
Preface Preface
This document contains a template to be used for creating a This document contains a template to be used for creating a
Certification Practice Statement (CPS) for an Organization that is Certification Practice Statement (CPS) for an Organization that is
part of the Resource Public Key Infrastructure (RPKI). (Throughout part of the Resource Public Key Infrastructure (RPKI). (Throughout
this document the term "organization" is used broadly, e.g., the this document the term "organization" is used broadly, e.g., the
entity in question might be a business unit of a larger entity in question might be a business unit of a larger
organization.) The user of this document should: organization.) The user of this document should:
skipping to change at page 7, line 39 skipping to change at page 7, line 39
5. delete sections 10, 11, Acknowledgments, Author's Addresses, and 5. delete sections 10, 11, Acknowledgments, Author's Addresses, and
Copyright Statement; leaving a reference section (omitting RFC Copyright Statement; leaving a reference section (omitting RFC
2119) 2119)
6. update the table of contents to reflect the changes required by 6. update the table of contents to reflect the changes required by
steps 4 and 5 above . steps 4 and 5 above .
This document has been generated to complement the Certificate Policy This document has been generated to complement the Certificate Policy
(CP) for the RPKI [RFC6484]. Like the RFC 6484, it is based on the (CP) for the RPKI [RFC6484]. Like the RFC 6484, it is based on the
template specified in RFC 3647. A number of sections contained in the template specified in RFC 3647 [RFC3647]. A number of sections
template were omitted from this CPS because they did not apply to contained in the template were omitted from this CPS because they did
this PKI. However, we have retained the section numbering scheme not apply to this PKI. However, we have retained the section
employed in the RFC to facilitate comparison with the section numbering scheme employed in the RFC to facilitate comparison with
numbering scheme employed in that RFC and in the RFC 6484. the section numbering scheme employed in that RFC and in the RFC
6484.
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1. Introduction 1. Introduction
This document is the Certification Practice Statement (CPS) of <Name This document is the Certification Practice Statement (CPS) of <Name
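Review bot: the preface sentence that gained the [RFC3647] citation is still circular: it retains "the section numbering scheme employed in the RFC to facilitate comparison with the section numbering scheme employed in that RFC and in the RFC 6484". Suggest "we have retained the section numbering scheme of RFC 3647 to facilitate comparison with that RFC and with RFC 6484", and drop the article in "Like the RFC 6484". The normative and informative reference lists are not shown in this part of the diff, so confirm one of them carries an [RFC3647] entry to match the new citation. Step 6 also ends with a stray space before the period ("above .").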
skipping to change at page 15, line 22 skipping to change at page 15, line 22
identified by an X.500 Distinguished Name (DN). The distinguished identified by an X.500 Distinguished Name (DN). The distinguished
name will consist of a single Common Name (CN) attribute with a name will consist of a single Common Name (CN) attribute with a
value generated by <Name of Organization>. Optionally, the value generated by <Name of Organization>. Optionally, the
serialNumber attribute may be included along with the common name serialNumber attribute may be included along with the common name
(to form a terminal relative distinguished name set), to distinguish (to form a terminal relative distinguished name set), to distinguish
among successive instances of certificates associated with the same among successive instances of certificates associated with the same
entity. entity.
3.1.2. Need for Names to be Meaningful 3.1.2. Need for Names to be Meaningful
The Subject name in each certificate SHOULD NOT be "meaningful",in The Subject name in each certificate SHOULD NOT be "meaningful," in
the conventional, human-readable sense. The rationale here is that the conventional, human-readable sense. The rationale here is that
these certificates are used for authorization in support of these certificates are used for authorization in support of
applications that make use of attestations of INR holdings. They are applications that make use of attestations of INR holdings. They are
not used to identify subjects. not used to identify subjects.
3.1.3. Anonymity or Pseudonymity of Subscribers 3.1.3. Anonymity or Pseudonymity of Subscribers
Although Subject names in certificates issued by this Organization Although Subject names in certificates issued by this Organization
SHOULD NOT be meaningful, and may appear "random," anonymity is not a SHOULD NOT be meaningful, and may appear "random," anonymity is not a
function of this PKI; thus no explicit support for this feature is function of this PKI; thus no explicit support for this feature is
skipping to change at page 43, line 5 skipping to change at page 43, line 5
Authorizations (ROAs)," February 2012. Authorizations (ROAs)," February 2012.
[RFC6486] R. Austein, G. Huston, S. Kent, M. Lepinski, "Manifests for [RFC6486] R. Austein, G. Huston, S. Kent, M. Lepinski, "Manifests for
the Resource Public Key Infrastructure (RPKI)," February the Resource Public Key Infrastructure (RPKI)," February
2012. 2012.
[RFC6489] G. Huston, G. Michaelson, S. Kent, "Certification Authority [RFC6489] G. Huston, G. Michaelson, S. Kent, "Certification Authority
(CA) Key Rollover in the Resource Public Key Infrastructure (CA) Key Rollover in the Resource Public Key Infrastructure
(RPKI), February 2012. (RPKI), February 2012.
[RSA] Rivest, R., Shamir, A., and Adelman, L. M. 1978. A method
for obtaining digital signatures and public-key
cryptosystems. Commun. ACM 21, 2 (Feb.), 120-126.
Author's Addresses Author's Addresses
Stephen Kent Stephen Kent
BBN Technologies BBN Technologies
10 Moulton Street 10 Moulton Street
Cambridge MA 02138 Cambridge MA 02138
USA USA
Phone: +1 (617) 873-3988 Phone: +1 (617) 873-3988
Email: skent@bbn.com Email: skent@bbn.com
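Review bot: dropping the [RSA] entry from the reference list is only safe if no [RSA] citation remains in the body, which this diff does not show; search the -04 text for "[RSA]" before publishing. In the same list, the [RFC6489] entry opens its title with a quotation mark and never closes it: the last line reads (RPKI), February 2012. where the [RFC6486] entry above has the closing quote after the comma. Add the closing quote so both entries follow the same style.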
skipping to change at page 44, line 7 skipping to change at page 43, line 36
BBN Technologies BBN Technologies
10 Moulton Street 10 Moulton Street
Cambridge MA 02138 Cambridge MA 02138
USA USA
Phone: +1 (617) 873-3152 Phone: +1 (617) 873-3152
Email: kseo@bbn.com Email: kseo@bbn.com
Copyright Statement Copyright Statement
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
 End of changes. 9 change blocks. 
16 lines changed or deleted 13 lines changed or added