rfcdiff: draft-ietf-sidr-rfc6490-bis-04.txt vs. draft-ietf-sidr-rfc6490-bis-05.txt
SIDR G. Huston
Internet-Draft APNIC
Obsoletes: 6490 (if approved) S. Weiler
Intended status: Standards Track Parsons
Old (-04): Expires: November 16, 2015 G. Michaelson
New (-05): Expires: April 10, 2016 G. Michaelson
APNIC
S. Kent
BBN
Old (-04): May 15, 2015
New (-05): October 8, 2015
Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
Old (-04): draft-ietf-sidr-rfc6490-bis-04
New (-05): draft-ietf-sidr-rfc6490-bis-05
Abstract
This document defines a Trust Anchor Locator (TAL) for the Resource
Public Key Infrastructure (RPKI). This document obsoletes RFC6490 by
adding support for multiple URIs in a TAL.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Old (-04): This Internet-Draft will expire on November 16, 2015.
New (-05): This Internet-Draft will expire on April 10, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
skipping to change at page 2, line 15
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Trust Anchor Locator . . . . . . . . . . . . . . . . . . . . . 3
2.1. Trust Anchor Locator Format . . . . . . . . . . . . . . . . 3
2.2. TAL and Trust Anchor Certificate Considerations . . . . . . 4
Old (-04): 2.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 5
New (-05): 2.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Relying Party Use . . . . . . . . . . . . . . . . . . . . . . . 6
Old (-04): 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
New (-05): 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 7
Old (-04): 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
New (-05): 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Old (-04): 7.1. Normative References . . . . . . . . . . . . . . . . . . . 7
New (-05): 7.1. Normative References . . . . . . . . . . . . . . . . . . . 8
7.2. Informative References . . . . . . . . . . . . . . . . . . 8
Old (-04): Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
New (-05): Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
This document defines a Trust Anchor Locator (TAL) for the Resource
Public Key Infrastructure (RPKI) [RFC6480]. This format may be used
to distribute trust anchor material using a mix of out-of-band and
online means. Procedures used by Relying Parties (RPs) to verify
RPKI signed objects SHOULD support this format to facilitate
interoperability between creators of trust anchor material and RPs.
This document obsoletes RFC 6490 by adding support for multiple URIs
skipping to change at page 4, line 16
of the ASCII encoding of the TAL, versus the binary (ASN.1) encoding
for TrustAnchorInfo.
The TAL is an ordered sequence of:
1) a URI section,
2) a <CRLF> or <LF> line break,
Old (-04):
3) a subjectPublicKeyInfo [RFC5280] in DER format [X.509],
encoded in Base64 (see Section 4 of [RFC4648].
New (-05):
3) a subjectPublicKeyInfo [RFC5280] in DER format [X.509],
encoded in Base64 (see Section 4 of [RFC4648]. To avoid long
lines <CRLF> or <LF> line breaks MAY be inserted into the
Base64 encoded string.
where the URI section is comprised of one of more of the ordered
sequence of:
1.1) an rsync URI [RFC5781],
1.2) a <CRLF> or <LF> line break.
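The layout above, as an added example of a relying-party parser for it (this is not code from the draft nor from any RPKI relying-party implementation): it accepts one or more rsync URIs terminated by <CRLF> or <LF>, joins every remaining line into the Base64 string so that the line breaks -05 permits inside it are handled, decodes with the strict RFC 4648 Section 4 alphabet, and walks the DER just far enough to confirm a SEQUENCE { AlgorithmIdentifier, BIT STRING } shape. The repository hostnames are hypothetical, and the sample subjectPublicKeyInfo is constructed: it carries the rsaEncryption OID but a placeholder BIT STRING rather than a real key.

```python
"""TAL parser for the Section 2.1 layout of draft-ietf-sidr-rfc6490-bis-05.
Added example, not the draft's code: one or more rsync:// URIs ended by <CRLF>
or <LF>, then a Base64 (RFC 4648 s.4) subjectPublicKeyInfo that MAY itself be
split across lines.  The DER check is a minimal TLV walk, not X.509 validation.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Tuple

class TALError(ValueError):
    """Any deviation from the TAL layout or a malformed key blob."""

_RSYNC_URI = re.compile(r"^rsync://\S+$")
RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")   # OID 1.2.840.113549.1.1.1

@dataclass
class TAL:
    uris: List[str]        # in TAL order
    spki_der: bytes        # decoded subjectPublicKeyInfo
    algorithm_oid: bytes   # content octets of the AlgorithmIdentifier OID

def _tlv(buf: bytes, off: int) -> Tuple[int, int, int]:
    """(tag, value_start, value_end) of the definite-length TLV at buf[off]."""
    if off + 2 > len(buf):
        raise TALError("truncated DER")
    tag, first, hdr = buf[off], buf[off + 1], 2
    length = first
    if first >= 0x80:                    # long form: low 7 bits = number of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or off + 2 + n > len(buf):
            raise TALError("unsupported or truncated DER length")
        length, hdr = int.from_bytes(buf[off + 2:off + 2 + n], "big"), 2 + n
    end = off + hdr + length
    if end > len(buf):
        raise TALError("DER length overruns buffer")
    return tag, off + hdr, end

def check_spki(der: bytes) -> bytes:
    """Confirm SEQUENCE { SEQUENCE { OID, ... }, BIT STRING }; return the OID octets."""
    tag, s, e = _tlv(der, 0)
    if tag != 0x30 or e != len(der):
        raise TALError("subjectPublicKeyInfo is not exactly one SEQUENCE")
    tag, a_s, a_e = _tlv(der, s)
    if tag != 0x30:
        raise TALError("AlgorithmIdentifier is not a SEQUENCE")
    tag, o_s, o_e = _tlv(der, a_s)
    if tag != 0x06:
        raise TALError("algorithm is not an OBJECT IDENTIFIER")
    tag, _, b_e = _tlv(der, a_e)
    if tag != 0x03 or b_e != e:
        raise TALError("subjectPublicKey is not the trailing BIT STRING")
    return der[o_s:o_e]

def parse_tal(text: str) -> TAL:
    """Parse TAL text; <CRLF> and <LF> line breaks are both accepted."""
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":        # the final line break leaves an empty tail
        lines.pop()
    uris: List[str] = []
    # ':' is not a Base64 character, so a line starting "rsync://" is always a URI.
    while lines and lines[0].startswith("rsync://"):
        if not _RSYNC_URI.match(lines[0]):
            raise TALError(f"malformed rsync URI: {lines[0]!r}")
        uris.append(lines.pop(0))
    if not uris:
        raise TALError("TAL must begin with at least one rsync URI")
    b64 = "".join(lines)                 # line breaks inside the Base64 are allowed
    if not b64:
        raise TALError("missing subjectPublicKeyInfo")
    try:
        der = base64.b64decode(b64, validate=True)    # strict RFC 4648 s.4 alphabet
    except binascii.Error as exc:
        raise TALError(f"invalid Base64: {exc}") from exc
    return TAL(uris, der, check_spki(der))

def rejects(text: str) -> bool:
    """True if parse_tal refuses `text` with a TALError (negative checks)."""
    try:
        parse_tal(text)
        return False
    except TALError:
        return True

# Constructed sample: rsaEncryption AlgorithmIdentifier + a 4-byte placeholder
# BIT STRING.  Right shape, NOT a real public key.
SAMPLE_SPKI_DER = bytes.fromhex(
    "3016"                               # SEQUENCE, 22 content bytes
    "300d06092a864886f70d0101010500"     #   SEQUENCE { OID rsaEncryption, NULL }
    "030500deadbeef"                     #   BIT STRING, 0 unused bits, placeholder
)
SAMPLE_URIS = ["rsync://rpki.example.net/ta/root.cer",    # hypothetical hosts
               "rsync://mirror.example.org/ta/root.cer"]

def build_sample_tal(newline: str = "\r\n", wrap: int = 16) -> str:
    """TAL text with SAMPLE_URIS and the Base64 key wrapped every `wrap` chars."""
    b64 = base64.b64encode(SAMPLE_SPKI_DER).decode("ascii")
    key_lines = [b64[i:i + wrap] for i in range(0, len(b64), wrap)]
    return newline.join(SAMPLE_URIS + key_lines) + newline
```

`parse_tal(build_sample_tal())` returns both URIs in order, the 24-byte DER, and the rsaEncryption OID octets; `build_sample_tal(newline="\n", wrap=64)` exercises the <LF>-only, single-line form. The strict `validate=True` decode matters in practice: a permissive Base64 decoder would silently accept stray characters in a tampered or mis-transcribed TAL, and a relying party should fail closed on the file that roots its entire trust chain.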
2.2. TAL and Trust Anchor Certificate Considerations
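Review bot: the sentence -05 adds to item 3 of the Section 2.1 list ("To avoid long lines <CRLF> or <LF> line breaks MAY be inserted into the Base64 encoded string") changes what a relying party's parser may assume, and the text should say so: the key is no longer the single line following the URI section but every line following it, so the parser must concatenate those lines, discarding the line breaks, before Base64 decoding (the split remains unambiguous because ':' in "rsync://" is not a Base64 character). Suggest adding "Relying parties MUST remove any such line breaks before decoding." Two nits in the same list survive from -04: the parenthesis in "(see Section 4 of [RFC4648]." is never closed, and "one of more" in the "where the URI section" clause should read "one or more".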
Old (-04): skipping to change at page 7, line 40
New (-05): skipping to change at page 8, line 10
The authors acknowledge with work of Roque Gagliano, Terry Manderson
and Carlos Martinez Cagnazzo in developing the ideas behind the
inclusion of multiple URIs in the TAL.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
(-05 adds: DOI 10.17487/RFC2119, <http://www.rfc-editor.org/info/rfc2119>)
[RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP
Addresses and AS Identifiers", RFC 3779, June 2004.
(-05 adds: DOI 10.17487/RFC3779, <http://www.rfc-editor.org/info/rfc3779>)
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006.
(-05 adds: DOI 10.17487/RFC4648, <http://www.rfc-editor.org/info/rfc4648>)
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008.
(-05 adds: DOI 10.17487/RFC5280, <http://www.rfc-editor.org/info/rfc5280>)
[RFC5781] Weiler, S., Ward, D., and R. Housley, "The rsync URI
Scheme", RFC 5781, February 2010.
(-05 adds: DOI 10.17487/RFC5781, <http://www.rfc-editor.org/info/rfc5781>)
[RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for
X.509 PKIX Resource Certificates", RFC 6487, February 2012.
(-05 adds: DOI 10.17487/RFC6487, <http://www.rfc-editor.org/info/rfc6487>)
[X.509] ITU-T, "Recommendation X.509: The Directory -
Authentication Framework", 2000.
7.2. Informative References
[RFC4158] Cooper, M., Dzambasow, Y., Hesse, P., Joseph, S., and R.
Nicholas, "Internet X.509 Public Key Infrastructure:
Certification Path Building", RFC 4158, September 2005.
(-05 adds: DOI 10.17487/RFC4158, <http://www.rfc-editor.org/info/rfc4158>)
[RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
Format", RFC 5914, June 2010.
(-05 adds: DOI 10.17487/RFC5914, <http://www.rfc-editor.org/info/rfc5914>)
[RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support
Secure Internet Routing", RFC 6480, February 2012.
(-05 adds: DOI 10.17487/RFC6480, <http://www.rfc-editor.org/info/rfc6480>)
[RFC6486] Austein, R., Huston, G., Kent, S., and M. Lepinski,
"Manifests for the Resource Public Key Infrastructure
(RPKI)", RFC 6486, February 2012.
(-05 adds: DOI 10.17487/RFC6486, <http://www.rfc-editor.org/info/rfc6486>)
Authors' Addresses
Geoff Huston
APNIC
Email: gih@apnic.net
URI: http://www.apnic.net
Samuel Weiler
End of changes. 19 change blocks.
21 lines changed or deleted, 36 lines changed or added.
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/