A new Request for Comments is now available in online RFC libraries.
RFC 8209
Title: A Profile for BGPsec Router
Certificates, Certificate Revocation Lists,
and Certification Requests
Author: M. Reynolds,
S. Turner,
S. Kent
Status: Standards Track
Stream: IETF
Date: September 2017
Mailbox: mcr@islandpeaksoftware.com,
sean@sn3rd.com,
kent@alum.mit.edu
Pages: 15
Characters: 29355
Updates: RFC 6487
I-D Tag: draft-ietf-sidr-bgpsec-pki-profiles-21.txt
URL: https://www.rfc-editor.org/info/rfc8209
DOI: 10.17487/RFC8209
This document defines a standard profile for X.509 certificates used
to enable validation of Autonomous System (AS) paths in the Border
Gateway Protocol (BGP), as part of an extension to that protocol
known as BGPsec. BGP is the standard for inter-domain routing in the
Internet; it is the "glue" that holds the Internet together. BGPsec
is being developed as one component of a solution that addresses the
requirement to provide security for BGP. The goal of BGPsec is to
provide full AS path validation based on the use of strong
cryptographic primitives. The end entity (EE) certificates specified
by this profile are issued to routers within an AS. Each of these
certificates is issued under a Resource Public Key Infrastructure
(RPKI) Certification Authority (CA) certificate. These CA
certificates and EE certificates both contain the AS Resource extension.
An EE certificate of this type asserts that
the router or routers holding the corresponding private key are
authorized to emit secure route advertisements on behalf of the
AS(es) specified in the certificate. This document also profiles the
format of certification requests and specifies Relying Party (RP)
certificate path validation procedures for these EE certificates.
This document extends the RPKI; therefore, this document updates the
RPKI Resource Certificates Profile (RFC 6487).
This document is a product of the Secure Inter-Domain Routing Working Group of the IETF.
This is now a Proposed Standard.
STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements. Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the
standardization state and status of this protocol. Distribution of this
memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
