Resource Public Key Infrastructure (RPKI) Trust Anchor Locator
draft-ietf-sidrops-https-tal-08

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: morrowc@ops-netman.net, The IESG <iesg@ietf.org>, sidrops@ietf.org, sidrops-chairs@ietf.org, Chris Morrow <morrowc@ops-netman.net>, draft-ietf-sidrops-https-tal@ietf.org, warren@kumari.net, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Resource Public Key Infrastructure (RPKI) Trust Anchor Locator' to Proposed Standard (draft-ietf-sidrops-https-tal-08.txt)

The IESG has approved the following document:
- 'Resource Public Key Infrastructure (RPKI) Trust Anchor Locator'
  (draft-ietf-sidrops-https-tal-08.txt) as Proposed Standard

This document is the product of the SIDR Operations Working Group.

The IESG contact persons are Warren Kumari and Ignas Bagdonas.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-https-tal/


Technical Summary

   This document defines a Trust Anchor Locator (TAL) for the Resource
   Public Key Infrastructure (RPKI).  TALs allow Relying Parties in the
   RPKI to download the current Trust Anchor (TA) CA certificate from
   one or more locations, and verify that the key of this self-signed
   certificate matches the key on the TAL.  Thus, Relying Parties can be
   configured with TA keys, but allow these TAs to change the content of
   their CA certificate.  In particular it allows TAs to change the set
   of Internet Number Resources included in the RFC3779 extension of
   their certificate.

   This document obsoletes the previous definition of Trust Anchor
   Locators in RFC 7730 by adding support for HTTPS URIs.

Working Group Summary

  Nothing in the WG that was overly noteworthy, 
  good discussion and back/forth on changes.


Document Quality

   This document obsoletes an existing implementation replacing it with new implementations.

Personnel

   Shepherd: Chris Morrow - morrowc@ops-netman.net
   AD: Warren Kumari - warren@kumari.net