The IESG has approved the following document: - 'RPKI Certificate Tree Validation by the RIPE NCC RPKI Validator' (draft-ietf-sidrops-rpki-tree-validation-03.txt) as Informational RFC This document is the product of the SIDR Operations Working Group. The IESG contact persons are Warren Kumari and Ignas Bagdonas. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-tree-validation/ Technical Summary This document describes the approach to validate the content of the RPKI certificate tree, as it is implemented in the RIPE NCC RPKI Validator. This approach is independent of a particular object retrieval mechanism. This allows it to be used with repositories available over the rsync protocol, the RPKI Repository Delta Protocol, and repositories that use a mix of both. This document describes how the RIPE NCC RPKI Validator version 2.23 has been implemented. Source code to this software can be found at [github]. The purpose of this document is to provide transparency to users of (and contributors to) this software tool, as well as serve to be subjected to scrutiny by the SIDR Operations Working Group. It is not intended as a document that describes a standard or best practices on how validation should be done in general. Working Group Summary No particularly difficult notes from the WG, this document describes the operations of a particular piece of infrastructure, it's not changing live things. Document Quality "Are there existing implementations of the protocol? " Yup, that's the whole purpose of this document :-). It is an Informational specification, "published for the general information of the Internet community, and does not represent an Internet community consensus or recommendation. The Informational designation is intended to provide for the timely publication of a very broad range of responsible informational documents from many sources, subject only to editorial considerations and to verification that there has been adequate coordination with the standards process". There are 3 outdated references, which can be handled by the RFC Editor: draft-ietf-sidr-delta-protocol -> RFC 8182 draft-ietf-sidr-rpki-validation-reconsidered -> RFC 8360 RFC 6485, obsoleted by RFC 7935 Personnel Chris Morrow is DS Warren Kumari is RAD (that *never* gets old!)
