Router Keying for BGPsec

The information below is for an old version of the document
Document Type Expired Internet-Draft (sidr WG)
Authors Sean Turner  , Keyur Patel  , Randy Bush 
Last updated 2014-11-24 (latest revision 2014-05-23)
Replaces draft-ymbk-bgpsec-rtr-rekeying
Replaced by RFC 8635, RFC 8635
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


BGPsec-speaking routers are provisioned with private keys to sign BGP messages; the corresponding public keys are published in the global RPKI (Resource Public Key Infrastructure) thereby enabling verification of BGPsec messages. This document describes two ways of provisioning the public-private key-pairs: router-driven and operator-driven.


Sean Turner (
Keyur Patel (
Randy Bush (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)