Manifests for the Resource Public Key Infrastructure (RPKI)
draft-ymbk-sidrops-6486bis-00

Document Type Expired Internet-Draft (individual)
Authors Rob Austein  , Geoff Huston  , Stephen Kent  , Matt Lepinski 
Last updated 2021-01-07 (latest revision 2020-07-06)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ymbk-sidrops-6486bis-00.txt

Abstract

This document defines a "manifest" for use in the Resource Public Key Infrastructure (RPKI). A manifest is a signed object (file) that contains a listing of all the signed objects (files) in the repository publication point (directory) associated with an authority responsible for publishing in the repository. For each certificate, Certificate Revocation List (CRL), or other type of signed objects issued by the authority that are published at this repository publication point, the manifest contains both the name of the file containing the object and a hash of the file content. Manifests are intended to enable a relying party (RP) to detect certain forms of attacks against a repository. Specifically, if an RP checks a manifest's contents against the signed objects retrieved from a repository publication point, then the RP can detect "stale" (valid) data and deletion of signed objects.

Authors

Rob Austein (sra@hactrn.net)
Geoff Huston (gih@apnic.net)
Stephen Kent (kkent@alum.mit.edu)
Matt Lepinski (mlepinski@ncf.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)