The IESG has approved the following document:
- 'Validation of Route Origination using the Resource Certificate PKI and ROAs'
  (draft-ietf-sidr-roa-validation-10.txt) as an Informational RFC

This document is the product of the Secure Inter-Domain Routing Working Group.

The IESG contact persons are Adrian Farrel and Stewart Bryant.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-sidr-roa-validation/

Technical Summary

This document defines the semantics of a Route Origin Authorization (ROA) in terms of an application of the Resource Public Key Infrastructure (RPKI) to the validation of the origination of routes advertised in the Border Gateway Protocol.

Working Group Summary

The initial versions of this document presented a validation algorithm that was considerably more complex than the final version. It was modified and simplified over many versions and discussions. The present document is an outcome of energetic discussions involving a broad cross-section of the working group. The authors advocated the original approach vigorously, but eventually accepted the group consensus.

IP has been filed at http://datatracker.ietf.org/ipr/1204/
The working group discussed this in Nov 2009. The WG decided that it preferred non-IPR'd technologies, but did not reject this work and continued with it.

Document Quality

This document is clear and submitted as Informational without anything to be implemented. A related document describes an implementation in the BGP decision process. The related document is itself being implemented by at least one router vendor.

Personnel

Sandy Murphy (sandy@sparta.com) is the Document Shepherd.
Adrian Farrel (adrian/farrel@hauwei,com) is the responsible AD.

RFC Editor Note

Section 4 final sentence
s/MAY/may/

---

Section 5

OLD
A ROA validation "expires" at the Validity To field of the signing EE certificate, or at such a time when there is no certification path that can validate the ROA. A ROA issuer may elect to prematurely invalidate a ROA by revoking the EE certificate that was used to sign the ROA.
NEW
A ROA validation "expires" at the notAfter field of the signing EE certificate, or at such a time when there is no certification path that can validate the ROA. A ROA issuer may elect to prematurely invalidate a ROA by revoking the EE certificate that was used to sign the ROA.
END