The IESG has approved the following document:
- 'A Profile for X.509 PKIX Resource Certificates'
  (draft-ietf-sidr-res-certs-22.txt) as a Proposed Standard

This document is the product of the Secure Inter-Domain Routing Working Group.

The IESG contact persons are Stewart Bryant and Adrian Farrel.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-sidr-res-certs/

Technical Summary

   This document defines a standard profile for X.509 certificates for
   the purposes of supporting validation of assertions of "right-of-use"
   of Internet Number Resources (INRs). The certificates issued under
   this profile are used to convey the Issuer's authorisation of the
   Subject to be regarded as the current holder of a "right-of-use" of
   the INRs that are described in the certificate.

   This document contains the normative specification of Certificate and
   Certificate Revocation List (CRL) syntax in the Resource Public Key
   Infrastructure (RPKI). The document also specifies profiles for the
   format of certificate requests. The document also specifies the
   Relying Party RPKI certificate path validation procedure.

Working Group Summary

   This draft was the first draft presented to the working group and has
   been a basis for other work in the working group. Several implementers
   of this certificate profile have conveyed implementation experience
   that has been incorporated into the draft.

Document Quality

   This document is well written and clear. Over the years, portions have
   been extracted to become independent drafts and the language has
   become more concise as a result of detailed reviews.

   Although this profile does not define a protocol, several independent
   implementations of this certificate profile exist, indicating careful
   review. There have been careful reviews by X.509 PKI experts and by
   ASN.1 experts and their comments have been addressed.

Personnel

   Sandra Murphy is the Document Shepherd for this document.
   Stewart Bryant is the Responsible Area Director.

RFC Editor Note

In the References:

OLD

   [ID.sidr-cp] Kent, S., Kong, D., Seo, K., and R. Watro,
   "Certificate Policy (CP) for the Resource PKI (RPKI)", Work in
   progress: Internet Drafts draft-ietf-sidr-c-13.txt, September 2010.

NEW

   [ID.sidr-cp] Kent, S., Kong, D., Seo, K., and R. Watro,
   "Certificate Policy (CP) for the Resource PKI (RPKI)", Work in
   progress: Internet Drafts draft-ietf-sidr-cp-13.txt, September 2010.

END

In Section 4.9.6, 3rd paragraph:

OLD:

   The CRL Distribution Points (CRLDP) extension identifies the
   location(s) of the CRL(s) associated with certificates issued by this
   Issuer. The RPKI uses the URI form of object identification. The
   preferred URI access mechanism is a single RSYNC URI ("rsync://")
   [RFC5781] that references a single inclusive CRL for each Issuer.

NEW:

   The CRL Distribution Points (CRLDP) extension identifies the
   location(s) of the CRL(s) associated with certificates issued by this
   Issuer. The RPKI uses the URI [RFC3986] form of object identification.
   The preferred URI access mechanism is a single RSYNC URI ("rsync://")
   [RFC5781] that references a single inclusive CRL for each Issuer.

Please add [RFC3986] to the list of Normative References.

Please move [RFC5781] to the Normative References.