Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
draft-ietf-sidrops-https-tal-06
Network Working Group                                          G. Huston
Internet-Draft                                                     APNIC
Obsoletes: 7730 (if approved)                                  S. Weiler
Intended status: Standards Track                                 W3C/MIT
Expires: July 27, 2019                                     G. Michaelson
                                                                   APNIC
                                                                 S. Kent
                                                            Unaffiliated
                                                          T. Bruijnzeels
                                                              NLnet Labs
                                                        January 23, 2019
Abstract
This document defines a Trust Anchor Locator (TAL) for the Resource
Public Key Infrastructure (RPKI). TALs allow Relying Parties in the
RPKI to download the current Trust Anchor (TA) CA certificate from
one or more locations, and verify that the key of this self-signed
certificate matches the key on the TAL. Thus, Relying Parties can be
configured with TA keys, but allow these TAs to change the content of
their CA certificate. In particular, it allows TAs to change the set
of Internet Number Resources included in the RFC3779 extension of
their certificate.
This document obsoletes the previous definition of Trust Anchor
Locators in RFC 7730 by adding support for HTTPS URIs.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 27, 2019.
Huston, et al. Expires July 27, 2019 [Page 1]
Internet-Draft https-tals January 2019
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Trust Anchor Locator . . . . . . . . . . . . . . . . . . . . 3
2.1. Trust Anchor Locator Motivation . . . . . . . . . . . . . 3
2.2. Trust Anchor Locator File Format . . . . . . . . . . . . 3
2.3. TAL and Trust Anchor Certificate Considerations . . . . . 4
2.4. Example . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Relying Party Use . . . . . . . . . . . . . . . . . . . . . . 6
4. HTTPS Considerations . . . . . . . . . . . . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
7.1. Normative References . . . . . . . . . . . . . . . . . . 8
7.2. Informative References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction
This document defines a Trust Anchor Locator (TAL) for the Resource
Public Key Infrastructure (RPKI) [RFC6480]. This format may be used
to distribute trust anchor material using a mix of out-of-band and
online means. Procedures used by Relying Parties (RPs) to verify
RPKI signed objects SHOULD support this format to facilitate
interoperability between creators of trust anchor material and RPs.
This document obsoletes [RFC7730] by adding support for HTTPS URIs in
a TAL.
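The check the Abstract describes, as an added example that is not code from this draft: a Relying Party parses the TAL, accepts only rsync and https URIs (https being what this document adds), decodes the key, and compares it byte-for-byte with the subjectPublicKeyInfo of the TA certificate it fetched. The TAL layout assumed here is the one of RFC 7730 section 2.2 (URI lines, a blank line, base64 DER key); the URIs and key bytes are constructed sample values, and extracting the SPKI from the fetched certificate is left to the RP's X.509 library.

```python
import base64
import binascii
from urllib.parse import urlsplit

# URI schemes a Relying Party accepts in a TAL: rsync (RFC 7730) and https,
# which this draft adds.  Anything else is rejected.
ALLOWED_SCHEMES = ("rsync", "https")

class TalError(ValueError):
    """Raised for a malformed TAL or a URI scheme that is not accepted."""

def parse_tal(text):
    """Return (uris, spki_der) from TAL text.  Layout assumed (RFC 7730
    section 2.2): one URI per line, a blank line, then the base64 DER
    subjectPublicKeyInfo, which may be wrapped over several lines."""
    lines = [ln.strip() for ln in text.splitlines()]   # tolerate CRLF
    if "" not in lines:
        raise TalError("TAL lacks the blank line between URIs and key")
    sep = lines.index("")
    uris = lines[:sep]
    if not uris:
        raise TalError("TAL has no URI section")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
            raise TalError("unsupported or malformed TAL URI: %r" % uri)
    try:
        spki = base64.b64decode("".join(lines[sep + 1:]), validate=True)
    except binascii.Error as exc:
        raise TalError("TAL key is not valid base64: %s" % exc)
    if not spki.startswith(b"\x30"):   # DER SubjectPublicKeyInfo is a SEQUENCE
        raise TalError("TAL key is not a DER SEQUENCE")
    return uris, spki

def ta_key_matches(tal_text, cert_spki_der):
    """True when the DER subjectPublicKeyInfo extracted from the fetched TA
    certificate is byte-for-byte equal to the key carried in the TAL."""
    return parse_tal(tal_text)[1] == cert_spki_der

# Constructed sample (not a real trust anchor): rsync and https URIs, the
# blank separator, then the key.  SAMPLE_SPKI is a placeholder DER prefix
# (SEQUENCE with an rsaEncryption AlgorithmIdentifier), not a real key.
SAMPLE_SPKI = bytes.fromhex("300f300d06092a864886f70d0101010500")
SAMPLE_TAL = (
    "rsync://rpki.example.net/ta/ta.cer\r\n"
    "https://rpki.example.net/ta/ta.cer\r\n"
    "\r\n" + base64.b64encode(SAMPLE_SPKI).decode("ascii") + "\r\n"
)
```

Because the comparison is on the DER bytes of the whole subjectPublicKeyInfo, a TA certificate re-issued with a changed RFC3779 extension but the same key still passes, while any change of key or algorithm fails.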