Technical Summary
This document defines a "manifest" for use in the Resource Public Key
Infrastructure (RPKI). A manifest is a signed object (file) that
contains a listing of all the signed objects (files) in the
repository publication point (directory) associated with an authority
responsible for publishing in the repository. For each certificate,
Certificate Revocation List (CRL), or other type of signed objects
issued by the authority that are published at this repository
publication point, the manifest contains both the name of the file
containing the object and a hash of the file content. Manifests are
intended to enable a relying party (RP) to detect certain forms of
attacks against a repository. Specifically, if an RP checks a
manifest's contents against the signed objects retrieved from a
repository publication point, then the RP can detect "stale" (valid)
data and deletion of signed objects.
This document is an update (-bis) to RFC 6486.
Working Group Summary
There was quite a long and thorough discussion of this document in the WG. With a large sea change in management of the Manifest and publication-point data repositories proposed and agreed-upon by the group and authors.
Document Quality
This is a -bis for an existing document, there is quite a bit of deployed infrastructure / implementations of the prior document, and most have now shifted to this new document as a response to some operational issues experienced in the field.
Personnel
Document Shepherd (DS): Chris Morrow (morrowc@ops-netman.net)
Responsible AD (RAD!!!): Warren Kumari (warren@kumari.net)