I-D Action: draft-ietf-sidr-rpki-tree-validation-00.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing of the IETF.

        Title           : RPKI Certificate Tree Validation by a Relying Party Tool
        Authors         : Oleg Muravskiy
                          Tim Bruijnzeels
	Filename        : draft-ietf-sidr-rpki-tree-validation-00.txt
	Pages           : 11
	Date            : 2016-03-21

Abstract:
   This document currently describes the approach to validate the
   content of the RPKI certificate tree, as used by the RIPE NCC RPKI
   Validator.  This approach is independent of a particular object
   retrieval mechanism.  This allows it to be used with repositories
   available over the rsync protocol, the RPKI Repository Delta
   Protocol, and repositories that use a mix of both.

   This algorithm does not rely on content of repository directories,
   but uses the Authority Key Identifier (AKI) field of a manifest and a
   certificate revocation list (CRL) objects to discover manifest and
   CRL objects issued by a particular Certificate Authority (CA).  It
   further uses the hashes of manifest entries to discover other objects
   issued by the CA.

   If the working group finds that algorithm outlined here is useful for
   other implementations, we may either update future revisions of this
   document to be less specific to the RIPE NCC RPKI Validator
   implementation, or we may use this document as a starting point of a
   generic validation document and keep this as a detailed description
   of the actual RIPE NCC RPKI Validator implementation.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-tree-validation/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-sidr-rpki-tree-validation-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux