Resource Public Key Infrastructure (RPKI) Validation Reconsidered
draft-ietf-sidr-rpki-validation-reconsidered-10

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sidr-rpki-validation-reconsidered@ietf.org, aretana.ietf@gmail.com, morrowc@ops-netman.net, Chris Morrow <morrowc@ops-netman.net>, sidr-chairs@ietf.org, sidr@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'RPKI Validation Reconsidered' to Proposed Standard (draft-ietf-sidr-rpki-validation-reconsidered-10.txt)

The IESG has approved the following document:
- 'RPKI Validation Reconsidered'
  (draft-ietf-sidr-rpki-validation-reconsidered-10.txt) as Proposed Standard

This document is the product of the Secure Inter-Domain Routing Working Group.

The IESG contact persons are Alvaro Retana, Alia Atlas and Deborah Brungard.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-validation-reconsidered/


Technical Summary

   This document specifies an alternative to the certificate validation
   procedure specified in RFC 6487 that reduces aspects of operational
   fragility in the management of certificates in the RPKI, while
   retaining essential security features.

   The use of this updated procedure is signalled by form of a set of
   alternative Object Identifiers (OIDs) indicating that the alternative
   version of RFC 3779 X.509 Extensions for IP Addresses and AS
   Identifiers, and certificate policy for the Resource Public Key
   Infrastructure (RFC 6484) defined in this document should be used.

   Furthermore this document provides an alternative to ROA (RFC 6482),
   and BGPSec Router Certificate (BGPSec PKI Profiles - publication
   requested) validation.

Working Group Summary

  The discussion of this document in the WG was contentious at the start, 
  but it eventually settled and consensus was reached.

Document Quality

  This is not a protocol change, but a mechanics change. The existing 
  CA/RP code implementations will support this once published.

Personnel

  Shepherd: Chris Morrow (morrowc@ops-netman.net)
  Reponsible AD: Alvaro Retana (aretana@cisco.com)