draft-ietf-sidr-ghostbusters-11.txt   draft-ietf-sidr-ghostbusters-12.txt 
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Internet Initiative Japan Internet-Draft Internet Initiative Japan
Intended status: Standards Track September 14, 2011 Intended status: Standards Track September 14, 2011
Expires: March 17, 2012 Expires: March 17, 2012
The RPKI Ghostbusters Record The RPKI Ghostbusters Record
draft-ietf-sidr-ghostbusters-11 draft-ietf-sidr-ghostbusters-12
Abstract Abstract
In the Resource Public Key Infrastructure (RPKI), resource In the Resource Public Key Infrastructure (RPKI), resource
certificates completely obscure names or any other information which certificates completely obscure names or any other information which
might be useful for contacting responsible parties to deal with might be useful for contacting responsible parties to deal with
issues of certificate expiration, maintenance, roll-overs, issues of certificate expiration, maintenance, roll-overs,
compromises, etc. This draft describes the RPKI Ghostbusters Record compromises, etc. This draft describes the RPKI Ghostbusters Record
containing human contact information which may be verified containing human contact information which may be verified
(indirectly) by a CA certificate. The data in the record are those (indirectly) by a CA certificate. The data in the record are those
skipping to change at page 3, line 21 skipping to change at page 3, line 21
organization, a NOC, .... An important example is when the operator organization, a NOC, .... An important example is when the operator
of a prefix described by a Route Origin Authorization (ROA) sees a of a prefix described by a Route Origin Authorization (ROA) sees a
problem, or an impending problem, with a certificate or CRL in the problem, or an impending problem, with a certificate or CRL in the
path between the ROA and a trust anchor. E.g., a certificate along path between the ROA and a trust anchor. E.g., a certificate along
that path has expired, is soon to expire, or a CRL associated with a that path has expired, is soon to expire, or a CRL associated with a
CA along the path is stale, thus placing the quality of the routing CA along the path is stale, thus placing the quality of the routing
of the address space described by the ROA in jeopardy. of the address space described by the ROA in jeopardy.
As the names in RPKI certificates are not meaningful to humans, see As the names in RPKI certificates are not meaningful to humans, see
[I-D.ietf-sidr-cp], there is no way to use a certificate itself to [I-D.ietf-sidr-cp], there is no way to use a certificate itself to
lead to the worrisome certificate's or CRL's maintainer. So, "Who do lead to the worrisome certificate's or CRL's maintainer. So, "Who
you call?" you gonna call?"
This document specifies the RPKI Ghostbusters Record, an object This document specifies the RPKI Ghostbusters Record, an object
verified via an End Entity (EE) certificate, issued under a CA verified via an End Entity (EE) certificate, issued under a CA
certificate, the maintainer of which may be contacted using the certificate, the maintainer of which may be contacted using the
payload information in the Ghostbusters Record. payload information in the Ghostbusters Record.
The Ghostbusters Record conforms to the syntax defined in The Ghostbusters Record conforms to the syntax defined in
[I-D.ietf-sidr-signed-object]. [I-D.ietf-sidr-signed-object].
Note that the Ghostbusters Record is not an identity certificate, but Note that the Ghostbusters Record is not an identity certificate, but
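Review bot: The reworded question closing the second paragraph of this block, "Who you gonna call?", drops the auxiliary verb and uses "gonna", so a reader who does not recognise it as a quotation tied to the record's name may take it for an editing error in a Standards Track document. The preceding sentence already states the actual problem (the certificate itself cannot lead to the maintainer of the certificate or CRL), so the quotation carries no technical meaning of its own. If the new wording is intentional, make it recognisable as a quotation, or keep the -11 wording.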
 End of changes. 2 change blocks. 
3 lines changed or deleted 3 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/