I-D Action: draft-ietf-sidr-ltamgmt-07.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Secure Inter-Domain Routing Working Group of the IETF.

	Title           : Local Trust Anchor Management for the Resource Public Key Infrastructure
	Author(s)       : Mark Reynolds
                          Stephen Kent
                          Matthew Lepinski
	Filename        : draft-ietf-sidr-ltamgmt-07.txt
	Pages           : 28
	Date            : 2012-10-11

Abstract:
   This document describes a facility to enable a relying party (RP) to
   manage trust anchors (TAs) in the context of the Resource Public Key
   Infrastructure (RPKI). It is common in RP software (not just in the
   RPKI) to allow an RP to import TA material in the form of self-signed
   certificates. However, this approach to incorporating TAs is
   potentially dangerous. (These self-signed certificates rarely
   incorporate any extensions that impose constraints on the scope of
   the imported public keys, and the RP is not able to impose such
   constraints.) The facility described in this document allows an RP to
   impose constraints on such TAs. Because this mechanism is designed to
   operate in the RPKI context, the most important constraints are the
   Internet Number Resources (INRs) expressed via RFC 3779 extensions.
   These extentions bind address spaces and/or autonomous system (AS)
   numbers to entities. The primary motivation for the facility described
   in this document is to enable an RP to ensure that INR information
   that it has acquired via some trusted channel is not overridden by the
   information acquired from the RPKI repository system or by the putative
   TAs that the RP imports. Specifically, the mechanism allows an RP to
   specify a set of overriding bindings between public key identifiers and
   INR data. These bindings take precedence over any conflicting bindings
   acquired by the putative TAs and the certificates downloaded from the
   RPKI repository system. This mechanism is designed for local use by an RP,
   but any entity that is accorded administrative control over a set of RPs
   may use this mechanism to convey its view of the RPKI to RPs within its
   jurisdiction. The means by which this latter use case is effected is
   outside the scope of this document.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-ltamgmt

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-sidr-ltamgmt-07

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-sidr-ltamgmt-07


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux