Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
draft-ietf-sidrops-https-tal-08
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2019-08-07
|
08 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2019-06-22
|
08 | Tero Kivinen | Assignment of request for Last Call review by SECDIR to Daniel Franke was marked no-response |
2019-06-11
|
08 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2019-06-06
|
08 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2019-05-13
|
08 | (System) | IANA Action state changed to No IANA Actions from In Progress |
2019-05-06
|
08 | (System) | RFC Editor state changed to EDIT |
2019-05-06
|
08 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2019-05-06
|
08 | (System) | Announcement was received by RFC Editor |
2019-05-06
|
08 | (System) | IANA Action state changed to In Progress |
2019-05-06
|
08 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed |
2019-05-06
|
08 | Cindy Morgan | IESG has approved the document |
2019-05-06
|
08 | Cindy Morgan | Closed "Approve" ballot |
2019-05-06
|
08 | Cindy Morgan | Ballot approval text was generated |
2019-04-30
|
08 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-08.txt |
2019-04-30
|
08 | (System) | New version approved |
2019-04-30
|
08 | (System) | Request for posting confirmation emailed to previous authors: Tim Bruijnzeels , George Michaelson , Geoff Huston , Samuel Weiler , Stephen Kent |
2019-04-30
|
08 | Tim Bruijnzeels | Uploaded new revision |
2019-04-29
|
07 | Min Ye | Request for Telechat review by RTGDIR Completed: Ready. Reviewer: John Drake. |
2019-04-23
|
07 | Luc André Burdet | Request for Telechat review by RTGDIR is assigned to John Drake |
2019-04-23
|
07 | Luc André Burdet | Request for Telechat review by RTGDIR is assigned to John Drake |
2019-04-17
|
07 | Min Ye | Request for Telechat review by RTGDIR is assigned to Patrice Brissette |
2019-04-17
|
07 | Min Ye | Request for Telechat review by RTGDIR is assigned to Patrice Brissette |
2019-04-11
|
07 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2019-04-11
|
07 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2019-04-11
|
07 | Ignas Bagdonas | [Ballot Position Update] New position, No Objection, has been recorded for Ignas Bagdonas |
2019-04-10
|
07 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2019-04-10
|
07 | Alexey Melnikov | [Ballot comment] Thank you for this well written document. I have a few relatively minor comments (and questions) which I think you should address: 1. … [Ballot comment] Thank you for this well written document. I have a few relatively minor comments (and questions) which I think you should address: 1. Introduction This document obsoletes [RFC7730] by adding support for HTTPS URIs in a TAL. If this document obsoletes RFC 7730, then I think you need to have "Changes since RFC 7730" section (Is this a BIS document?). If it only updates it, then the above (and the obsolete header at the top of the draft) is not correct. 2.2. Trust Anchor Locator File Format In this document we define a Trust Anchor URI as a URI that can be used to retrieved a current Trust Anchor certificate. This URI MUST be either an rsync URI [RFC5781], or an HTTPS URI [RFC7230]. I think the first mention of URI still needs a reference to RFC 3986. The TAL is an ordered sequence of: 1. an optional comment section consisting of one or more lines each starting with the '#' character, followed by human readable informational UTF-8 text, and ending with a line break, Unless you think you want to use ASCII and Unicode Control characters in this field, I think you should recommend usage of RFC 5198 here. 2.3. TAL and Trust Anchor Certificate Considerations The trust anchor MUST contain a stable key. This key MUST NOT change How does "MUST contain a stable key" differ from "key MUST NOT change"? when the certificate is reissued due to changes in the INR extension(s), when the certificate is renewed prior to expiration, or for any reason other than a key change. This reads funny: “you must not change the key unless you decide to change the key”. Maybe talk about key compromise and key strength no longer being adequate instead? 4. HTTPS Considerations o This protocol does not require the use of SRV-IDs. o This protocol does not require the use of URI-IDs. I suspect this was copied from another RFC, but "does not require" is not right here, as it doesn't prevent it as an option. I think you should change "does not require the use" to "does not use" |
2019-04-10
|
07 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2019-04-10
|
07 | Adam Roach | [Ballot comment] Thanks to everyone who worked on this document. --------------------------------------------------------------------------- I find it curious and somewhat problematic that there is not a section, equivalent … [Ballot comment] Thanks to everyone who worked on this document. --------------------------------------------------------------------------- I find it curious and somewhat problematic that there is not a section, equivalent to the existing section 4, that deals with RSYNC considerations. In particular, the attack described in the first paragraph of section 4 appears to be unavoidable when the TAL contains an RSYNC URI. Minimally, this document should draw attention to that fact, at least in the Security Considerations section. Ideally, it would deprecate -- or at least discourage -- the use of RSYNC URIs for this reason. [This would be a discuss-level comment if this were a green-field document, but I don't want to stand in the way of improving an existing mechanism, so I'm only leaving it as a comment. The authors may choose to move forward without fixing this issue] --------------------------------------------------------------------------- §2.2: > In this document we define a Trust Anchor URI as a URI that can be > used to retrieved a current Trust Anchor certificate Nit: "...to retrieve..." |
2019-04-10
|
07 | Adam Roach | [Ballot Position Update] New position, Yes, has been recorded for Adam Roach |
2019-04-10
|
07 | Roman Danyliw | [Ballot comment] Thanks for the easy to read diff with RFC7730. A minor nit: (1) Section 2.1, Typo. s/implementors/implementers/ |
2019-04-10
|
07 | Roman Danyliw | [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw |
2019-04-10
|
07 | Martin Vigoureux | [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux |
2019-04-09
|
07 | Benjamin Kaduk | [Ballot comment] Thank you for keeping the diff from RFC 7730 tidy! Abstract their CA certificate. In particular it allows TAs to change the … [Ballot comment] Thank you for keeping the diff from RFC 7730 tidy! Abstract their CA certificate. In particular it allows TAs to change the set of Internet Number Resources included in the RFC3779 extension of their certificate. Neither "Internet Number" nor "Number Resources" appears in RFC 3779 that I can see. (On a quick skim, I'm still not sure if we mean AS number or IP address/prefix.) Section 2.1 the trust anchor per se. In the RPKI, certificates contain extensions that represent Internet Number Resources (INRs) [RFC3779]. (As above, I don't see INRs mentioned in RFC 3779.) Since comments are new in this rev of TAL, do we want to caution consumers that implementations may not necessarily support comments yet? Section 2.3 The trust anchor MUST contain a stable key. This key MUST NOT change when the certificate is reissued due to changes in the INR extension(s), when the certificate is renewed prior to expiration, or for any reason other than a key change. (This seems a bit tautological...) If an entity wishes to withdraw a self-signed CA certificate as a putative trust anchor, for any reason, including key rollover, the entity MUST remove the object from the location referenced in the TAL. Certain classes of attacker could continue to publish the last-known certificate as a trust anchor and prevent this withdrawl from taking effect; we should probably cover that in the security considerations. Section 2.4 We say that it's RECOMMENDED to have different domains (so as to get different IP addresses) but this example shows only a single domain. Section 4 Note that a Man in the Middle (MITM) cannot produce a CA certificate that would be considered valid according to the process described in Section 3. [...] I think the key part is that the attacker cannot produce a *new* CA certificate that differs from a legitimate one, but they can MITM the HTTPS connection and present a legitimate (but potentially stale) CA certificate. o DNS names in Repository Server certificates SHOULD NOT contain the wildcard character "*". Would a Relying Party ever reject the HTTPS connection (and thus, the delivered TA) if a wildcard certificate is presented for the HTTPS connection? Section 5 This TAL does not directly provide a list of resources covered by the referenced self-signed CA certificate. Instead, the RP is referred to the trust anchor itself and the INR extension(s) within this certificate. This provides necessary operational flexibility, but it also allows the certificate issuer to claim to be authoritative for any resource. Relying parties should either have great confidence in the issuers of such certificates that they are configuring as trust anchors, or they should issue their own self-signed certificate as a trust anchor and, in doing so, impose constraints on the subordinate certificates. Are there any external databases that a RP could consult to affect the decision of whether to believe that a TA should actually be claiming the indicated resource(s)? (It would be a bit silly, given that this is the RPKI already, but still...) |
2019-04-09
|
07 | Benjamin Kaduk | [Ballot Position Update] New position, No Objection, has been recorded for Benjamin Kaduk |
2019-04-09
|
07 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2019-04-09
|
07 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2019-04-09
|
07 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded for Magnus Westerlund |
2019-04-08
|
07 | Luc André Burdet | Request for Telechat review by RTGDIR is assigned to Matthew Bocci |
2019-04-08
|
07 | Luc André Burdet | Request for Telechat review by RTGDIR is assigned to Matthew Bocci |
2019-04-07
|
07 | Barry Leiba | [Ballot comment] I realize that this document inherits the text in Section 3 from RFC 6490, but can you tell me why there are … [Ballot comment] I realize that this document inherits the text in Section 3 from RFC 6490, but can you tell me why there are SHOULDs and not MUSTs? Why would one NOT do it the way Section 3 specifies? Then I’ll ask the same question for the new https text in Section 4, especially about TLS certificate and host name validation. |
2019-04-07
|
07 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2019-04-03
|
07 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2019-04-03
|
07 | Mirja Kühlewind | [Ballot comment] Usually we recommend to have a "Changes since RFC7730" section in bis documents... however, maybe the changes are small enough in this … [Ballot comment] Usually we recommend to have a "Changes since RFC7730" section in bis documents... however, maybe the changes are small enough in this doc that that is not needed. |
2019-04-03
|
07 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2019-03-26
|
07 | Luc André Burdet | Request for Telechat review by RTGDIR is assigned to IJsbrand Wijnands |
2019-03-26
|
07 | Luc André Burdet | Request for Telechat review by RTGDIR is assigned to IJsbrand Wijnands |
2019-03-26
|
07 | Luc André Burdet | Assignment of request for Telechat review by RTGDIR to Harish Sitaraman was rejected |
2019-03-25
|
07 | Min Ye | Request for Telechat review by RTGDIR is assigned to Harish Sitaraman |
2019-03-25
|
07 | Min Ye | Request for Telechat review by RTGDIR is assigned to Harish Sitaraman |
2019-03-22
|
07 | Pete Resnick | Request for Last Call review by GENART Completed: Ready with Issues. Reviewer: Pete Resnick. Sent review to list. |
2019-03-21
|
07 | Cindy Morgan | Placed on agenda for telechat - 2019-04-11 |
2019-03-21
|
07 | Warren Kumari | IESG state changed to IESG Evaluation from Waiting for Writeup |
2019-03-21
|
07 | Warren Kumari | Ballot has been issued |
2019-03-21
|
07 | Warren Kumari | [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari |
2019-03-21
|
07 | Warren Kumari | Created "Approve" ballot |
2019-03-21
|
07 | Warren Kumari | Ballot writeup was changed |
2019-03-18
|
07 | Linda Dunbar | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Linda Dunbar. Sent review to list. |
2019-03-18
|
07 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2019-03-18
|
07 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has reviewed draft-ietf-sidrops-https-tal-07, which is currently in Last Call, and has the following comments: We … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has reviewed draft-ietf-sidrops-https-tal-07, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal Senior IANA Services Specialist |
2019-03-18
|
07 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2019-03-11
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Linda Dunbar |
2019-03-11
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Linda Dunbar |
2019-03-07
|
07 | Min Ye | Request for Telechat review by RTGDIR is assigned to Jon Mitchell |
2019-03-07
|
07 | Min Ye | Request for Telechat review by RTGDIR is assigned to Jon Mitchell |
2019-03-07
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Pete Resnick |
2019-03-07
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Pete Resnick |
2019-03-07
|
07 | Alvaro Retana | Requested Telechat review by RTGDIR |
2019-03-07
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Daniel Franke |
2019-03-07
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Daniel Franke |
2019-03-04
|
07 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2019-03-04
|
07 | Amy Vezza | The following Last Call announcement was sent out (ends 2019-03-18): From: The IESG To: IETF-Announce CC: morrowc@ops-netman.net, sidrops@ietf.org, sidrops-chairs@ietf.org, Chris Morrow , … The following Last Call announcement was sent out (ends 2019-03-18): From: The IESG To: IETF-Announce CC: morrowc@ops-netman.net, sidrops@ietf.org, sidrops-chairs@ietf.org, Chris Morrow , draft-ietf-sidrops-https-tal@ietf.org, warren@kumari.net Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Resource Public Key Infrastructure (RPKI) Trust Anchor Locator) to Proposed Standard The IESG has received a request from the SIDR Operations WG (sidrops) to consider the following document: - 'Resource Public Key Infrastructure (RPKI) Trust Anchor Locator' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2019-03-18. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). TALs allow Relying Parties in the RPKI to download the current Trust Anchor (TA) CA certificate from one or more locations, and verify that the key of this self-signed certificate matches the key on the TAL. Thus, Relying Parties can be configured with TA keys, but allow these TAs to change the content of their CA certificate. In particular it allows TAs to change the set of Internet Number Resources included in the RFC3779 extension of their certificate. This document obsoletes the previous definition of Trust Anchor Locators in RFC 7730 by adding support for HTTPS URIs. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/ballot/ No IPR declarations have been submitted directly on this I-D. |
2019-03-04
|
07 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2019-03-04
|
07 | Warren Kumari | Last call was requested |
2019-03-04
|
07 | Warren Kumari | Last call announcement was generated |
2019-03-04
|
07 | Warren Kumari | Ballot approval text was generated |
2019-03-04
|
07 | Warren Kumari | Ballot writeup was generated |
2019-03-04
|
07 | Warren Kumari | IESG state changed to Last Call Requested from Publication Requested |
2019-03-04
|
07 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-07.txt |
2019-03-04
|
07 | (System) | New version approved |
2019-03-04
|
07 | (System) | Request for posting confirmation emailed to previous authors: Tim Bruijnzeels , George Michaelson , Geoff Huston , Samuel Weiler , Stephen Kent |
2019-03-04
|
07 | Tim Bruijnzeels | Uploaded new revision |
2019-02-27
|
06 | Chris Morrow | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? PROPOSED Standard (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary "This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). TALs allow Relying Parties in the RPKI to download the current Trust Anchor (TA) CA certificate from one or more locations, and verify that the key of this self-signed certificate matches the key on the TAL. Thus, Relying Parties can be configured with TA keys, but allow these TAs to change the content of their CA certificate. In particular it allows TAs to change the set of Internet Number Resources included in the RFC3779 extension of their certificate. This document obsoletes the previous definition of Trust Anchor Locators in RFC 7730 by adding support for HTTPS URIs." Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Nothing in the WG that was overly noteworthy, good discussion and back/forth on changes. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? This document obsoletes an existing implementation replacing it with new implementations. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Shepherd: Chris Morrow - morrowc@ops-netman.net AD: Warren Kumari - warren@kumari.net (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document was reviewed in it's original form (RFC7730) and in it's new form as seen in this version. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? no concerns from the shepherd (me). (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. I don't believe any special reviews are required. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. no concerns (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Each author has noted no IPR claims. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. N/A (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? As solid as any SIDR/SIDROPS consensus has been :) (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) no appeals. (11) Identify any ID nits the Document Shepherd has found in this document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. There is no IANA section, but that is not required for this document. There are 2 downrefs which will be dealt with at auth48 time. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. no reviews were required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? no (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. yes: Downref: Normative reference to an Informational RFC: RFC 5781 Downref: Normative reference to an Informational RFC: RFC 6480 (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. Yes, it should obsolete the URL portions of RFC 7730 (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). no review required for a section which does not exist. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. none. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. none required. |
2019-02-27
|
06 | Chris Morrow | Proposed, Internet.. who knows how this works?? :( I pick 'internet' because it's after 'proposed' which is the top.. which SEEMS to be: "final state … Proposed, Internet.. who knows how this works?? :( I pick 'internet' because it's after 'proposed' which is the top.. which SEEMS to be: "final state is the top state!" :( of course I always pick this wrong! |
2019-02-27
|
06 | Chris Morrow | Intended Status changed to Proposed Standard from Internet Standard |
2019-02-26
|
06 | Chris Morrow | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Internet Standard (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary "This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). TALs allow Relying Parties in the RPKI to download the current Trust Anchor (TA) CA certificate from one or more locations, and verify that the key of this self-signed certificate matches the key on the TAL. Thus, Relying Parties can be configured with TA keys, but allow these TAs to change the content of their CA certificate. In particular it allows TAs to change the set of Internet Number Resources included in the RFC3779 extension of their certificate. This document obsoletes the previous definition of Trust Anchor Locators in RFC 7730 by adding support for HTTPS URIs." Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Nothing in the WG that was overly noteworthy, good discussion and back/forth on changes. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? This document obsoletes an existing implementation replacing it with new implementations. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Shepherd: Chris Morrow - morrowc@ops-netman.net AD: Warren Kumari - warren@kumari.net (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document was reviewed in it's original form (RFC7730) and in it's new form as seen in this version. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? no concerns from the shepherd (me). (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. I don't believe any special reviews are required. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. no concerns (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Each author has noted no IPR claims. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. N/A (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? As solid as any SIDR/SIDROPS consensus has been :) (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) no appeals. (11) Identify any ID nits the Document Shepherd has found in this document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. There is no IANA section, but that is not required for this document. There are 2 downrefs which will be dealt with at auth48 time. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. no reviews were required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? no (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. yes: Downref: Normative reference to an Informational RFC: RFC 5781 Downref: Normative reference to an Informational RFC: RFC 6480 (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. Yes, it should obsolete the URL portions of RFC 7730 (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). no review required for a section which does not exist. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. none. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. none required. |
2019-02-26
|
06 | Chris Morrow | Responsible AD changed to Warren Kumari |
2019-02-26
|
06 | Chris Morrow | IETF WG state changed to Submitted to IESG for Publication from WG Document |
2019-02-26
|
06 | Chris Morrow | IESG state changed to Publication Requested from I-D Exists |
2019-02-26
|
06 | Chris Morrow | IESG process started in state Publication Requested |
2019-02-26
|
06 | Chris Morrow | As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated … As required by RFC 4858, this is the current template for the Document Shepherd Write-Up. Changes are expected over time. This version is dated 24 February 2012. (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Internet Standard (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary "This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). TALs allow Relying Parties in the RPKI to download the current Trust Anchor (TA) CA certificate from one or more locations, and verify that the key of this self-signed certificate matches the key on the TAL. Thus, Relying Parties can be configured with TA keys, but allow these TAs to change the content of their CA certificate. In particular it allows TAs to change the set of Internet Number Resources included in the RFC3779 extension of their certificate. This document obsoletes the previous definition of Trust Anchor Locators in RFC 7730 by adding support for HTTPS URIs." Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Nothing in the WG that was overly noteworthy, good discussion and back/forth on changes. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? This document obsoletes an existing implementation replacing it with new implementations. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Shepherd: Chris Morrow - morrowc@ops-netman.net AD: Warren Kumari - warren@kumari.net (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document was reviewed in it's original form (RFC7730) and in it's new form as seen in this version. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? no concerns from the shepherd (me). (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. I don't believe any special reviews are required. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. no concerns (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Each author has noted no IPR claims. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. N/A (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? As solid as any SIDR/SIDROPS consensus has been :) (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) no appeals. (11) Identify any ID nits the Document Shepherd has found in this document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. There is no IANA section, but that is not required for this document. There are 2 downrefs which will be dealt with at auth48 time. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. no reviews were required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? no (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. yes: Downref: Normative reference to an Informational RFC: RFC 5781 Downref: Normative reference to an Informational RFC: RFC 6480 (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. Yes, it should obsolete the URL portions of RFC 7730 (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). no review required for a section which does not exist. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. none. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. none required. |
2019-02-26
|
06 | Chris Morrow | Notification list changed to Chris Morrow <morrowc@ops-netman.net> |
2019-02-26
|
06 | Chris Morrow | Document shepherd changed to Chris Morrow |
2019-02-26
|
06 | Chris Morrow | Changed consensus to Yes from Unknown |
2019-02-26
|
06 | Chris Morrow | Intended Status changed to Internet Standard from None |
2019-01-23
|
06 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-06.txt |
2019-01-23
|
06 | (System) | New version approved |
2019-01-23
|
06 | (System) | Request for posting confirmation emailed to previous authors: Tim Bruijnzeels , George Michaelson , Geoff Huston , Samuel Weiler , Stephen Kent |
2019-01-23
|
06 | Tim Bruijnzeels | Uploaded new revision |
2018-10-11
|
05 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-05.txt |
2018-10-11
|
05 | (System) | New version approved |
2018-10-11
|
05 | (System) | Request for posting confirmation emailed to previous authors: Tim Bruijnzeels , George Michaelson , Geoff Huston , Samuel Weiler , Stephen Kent |
2018-10-11
|
05 | Tim Bruijnzeels | Uploaded new revision |
2018-07-26
|
04 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-04.txt |
2018-07-26
|
04 | (System) | New version approved |
2018-07-26
|
04 | (System) | Request for posting confirmation emailed to previous authors: Tim Bruijnzeels , George Michaelson , Geoff Huston , Samuel Weiler , Stephen Kent |
2018-07-26
|
04 | Tim Bruijnzeels | Uploaded new revision |
2018-06-08
|
03 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-03.txt |
2018-06-08
|
03 | (System) | New version approved |
2018-06-08
|
03 | (System) | Request for posting confirmation emailed to previous authors: George Michaelson , sidrops-chairs@ietf.org, Tim Bruijnzeels , Geoff Huston , Samuel Weiler , Stephen Kent |
2018-06-08
|
03 | Tim Bruijnzeels | Uploaded new revision |
2018-04-30
|
02 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-02.txt |
2018-04-30
|
02 | (System) | New version approved |
2018-04-30
|
02 | (System) | Request for posting confirmation emailed to previous authors: George Michaelson , sidrops-chairs@ietf.org, Samuel Weiler , Stephen Kent , Tim Bruijnzeels , Geoff Huston |
2018-04-30
|
02 | Tim Bruijnzeels | Uploaded new revision |
2018-03-30
|
01 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-01.txt |
2018-03-30
|
01 | (System) | New version approved |
2018-03-30
|
01 | (System) | Request for posting confirmation emailed to previous authors: sidrops-chairs@ietf.org, Tim Bruijnzeels , George Michaelson |
2018-03-30
|
01 | Tim Bruijnzeels | Uploaded new revision |
2018-03-20
|
00 | Chris Morrow | This document now replaces draft-tbruijnzeels-sidrops-https-tal instead of None |
2018-03-20
|
00 | Tim Bruijnzeels | New version available: draft-ietf-sidrops-https-tal-00.txt |
2018-03-20
|
00 | (System) | WG -00 approved |
2018-03-20
|
00 | Tim Bruijnzeels | Set submitter to "Tim Bruijnzeels ", replaces to draft-tbruijnzeels-sidrops-https-tal and sent approval email to group chairs: sidrops-chairs@ietf.org |
2018-03-20
|
00 | Tim Bruijnzeels | Uploaded new revision |