Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)
RFC 6489
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2020-01-21 |
08 | (System) | Received changes through RFC Editor sync (added Verified Errata tag) |
2015-10-14 |
08 | (System) | Notify list changed from sidr-chairs@ietf.org, draft-ietf-sidr-keyroll@ietf.org to (None) |
2012-02-06 |
08 | Amy Vezza | [Note]: changed to 'BCP 174' |
2012-02-06 |
08 | Amy Vezza | State changed to RFC Published from RFC Ed Queue. |
2012-02-03 |
08 | (System) | RFC published |
2011-07-21 |
08 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent. |
2011-07-20 |
08 | (System) | IANA Action state changed to No IC from In Progress |
2011-07-19 |
08 | (System) | IANA Action state changed to In Progress |
2011-07-19 |
08 | Amy Vezza | IESG state changed to Approved-announcement sent |
2011-07-19 |
08 | Amy Vezza | IESG has approved the document |
2011-07-19 |
08 | Amy Vezza | Closed "Approve" ballot |
2011-07-19 |
08 | Amy Vezza | Approval announcement text regenerated |
2011-07-19 |
08 | Amy Vezza | Ballot writeup text changed |
2011-07-11 |
08 | (System) | New version available: draft-ietf-sidr-keyroll-08.txt |
2011-06-23 |
08 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Jürgen Schönwälder. |
2011-06-23 |
08 | Cindy Morgan | Removed from agenda for telechat |
2011-06-23 |
08 | Cindy Morgan | State changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation. |
2011-06-23 |
08 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-22 |
08 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-22 |
08 | Dan Romascanu | [Ballot comment] 1. I agree with Adrian's comment that the term 'conservative' in the introductory section needs to be explained or dropped 2. The note … [Ballot comment] 1. I agree with Adrian's comment that the term 'conservative' in the introductory section needs to be explained or dropped 2. The note in the IANA considerations section is for the RFC Editor - doesn't matter too much though as it instructs to take our the null content section. |
2011-06-22 |
08 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-22 |
08 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-22 |
08 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-21 |
08 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-21 |
08 | Peter Saint-Andre | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-21 |
08 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-21 |
08 | Stewart Bryant | State changed to IESG Evaluation from Waiting for AD Go-Ahead. |
2011-06-21 |
08 | Adrian Farrel | [Ballot comment] I have a couple of comments that don't merit a Discuss, but I would be grateful if the authors thought about them and … [Ballot comment] I have a couple of comments that don't merit a Discuss, but I would be grateful if the authors thought about them and made any necessary changes. --- I found Section 1... This document defines a conservative procedure ...ambiguous. I think that "conservative" needs to be qualified in some way. conservative with respect to conserving keys? Not changing keys often? Not requiring many messages? Not risking security? --- There are a couple of uses of SHOULD which I feel would benefit from an explanation of how/why a variation MAY be allowed. In one case, I am relatively sure you mean MUST rather than SHOULD, viz. To perform a key rollover operation the CA MUST perform the following steps in the order given here. Unless specified otherwise each step SHOULD be performed without any intervening delay. The process MUST be run through to completion. That is, the variance is already handled by "unless specified otherwise" so there is no further scope for variance. |
2011-06-21 |
08 | Adrian Farrel | [Ballot Position Update] New position, Yes, has been recorded |
2011-06-20 |
08 | David Harrington | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-20 |
08 | Wesley Eddy | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-20 |
08 | Sean Turner | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-19 |
08 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-17 |
08 | Stephen Farrell | [Ballot comment] 4.1 - is it really wise to encourage (even obliquely) re-use of serial numbers? I'd say s/MAY change/SHOULD change/ there would be better. … [Ballot comment] 4.1 - is it really wise to encourage (even obliquely) re-use of serial numbers? I'd say s/MAY change/SHOULD change/ there would be better. If making that change, it'd be good to say when its ok to re-use serial numbers - that could be when an internal DB design uses certificate.serialNumber as a DB key which may be silly but has been done. |
2011-06-17 |
08 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded |
2011-06-17 |
08 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Jürgen Schönwälder |
2011-06-17 |
08 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Jürgen Schönwälder |
2011-06-17 |
08 | Stewart Bryant | Placed on agenda for telechat - 2011-06-23 |
2011-06-17 |
08 | Stewart Bryant | [Ballot Position Update] New position, Yes, has been recorded for Stewart Bryant |
2011-06-17 |
08 | Stewart Bryant | Ballot has been issued |
2011-06-17 |
08 | Stewart Bryant | Created "Approve" ballot |
2011-06-03 |
08 | Samuel Weiler | Assignment of request for Last Call review by SECDIR to Stefan Santesson was rejected |
2011-06-02 |
07 | (System) | New version available: draft-ietf-sidr-keyroll-07.txt |
2011-05-18 |
08 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call. |
2011-05-10 |
08 | Amanda Baber | IANA understands that, upon approval of this document, there are no IANA Actions that need completion. |
2011-05-07 |
08 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Stefan Santesson |
2011-05-07 |
08 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Stefan Santesson |
2011-05-04 |
08 | Amy Vezza | Last call sent |
2011-05-04 |
08 | Amy Vezza | State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> … State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> CC: <sidr@ietf.org> Reply-To: ietf@ietf.org Subject: Last Call: <draft-ietf-sidr-keyroll-06.txt> (CA Key Rollover in the RPKI) to BCP The IESG has received a request from the Secure Inter-Domain Routing WG (sidr) to consider the following document: - 'CA Key Rollover in the RPKI' <draft-ietf-sidr-keyroll-06.txt> as a BCP The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2011-05-18. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-sidr-keyroll/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-sidr-keyroll/ No IPR declarations have been submitted directly on this I-D. |
2011-05-04 |
08 | Stewart Bryant | Ballot writeup text changed |
2011-05-04 |
08 | Stewart Bryant | Last Call was requested |
2011-05-04 |
08 | Stewart Bryant | State changed to Last Call Requested from Publication Requested. |
2011-05-04 |
08 | Stewart Bryant | Last Call text changed |
2011-05-04 |
08 | (System) | Ballot writeup text was added |
2011-05-04 |
08 | (System) | Last call text was added |
2011-05-04 |
08 | (System) | Ballot approval text was added |
2011-03-31 |
08 | Cindy Morgan | Responsible AD has been changed to Stewart Bryant from Adrian Farrel |
2011-03-31 |
08 | Cindy Morgan | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the … (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? The document shepherd is Sandra Murphy, sidr co-chair. The document shepherd has personally reviewed the document. No issues were discovered that would prevent advancement. This document is ready for forwarding to the IESG. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? This document was created in July 2010 by extraction of a portion of the res-certs draft that had been in the draft for two years. So while the working group has not had a long opportunity to review the draft separately, the text has been subject to review as part of the parent draft for quite a while. On its own, it was presented at the IETF 79. The working group last call brought forth a few comments that were quickly dealt with. The shepherd has no concerns about the level of review of the draft. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? No, the document shepherd has no concerns about this document. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. The document shepherd has no concerns with advancing this document. No IPR claims have been filed against this document. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The working group has actively participated in discussions of this topic, on list and in IETF presentations. The last call response indicated broad support. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No appeals have been issued or threatened for this document. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See the Internet-Drafts Checklist and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? The tools site idnits tool reports: Summary: 0 errors (**), 1 warning (==), 1 comment (--). The warning is a formatting issue with form feeds and the comment has to do with the document date. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. Yes, the document has split its references into normative and informative sections. This document relies normatively on several other working group documents that are advancing at the same time or have been through last call and are awaiting a final version addressing minor comments. This document is intended for BCP status and one reference is a standards track draft. The idnits tool does not signal a downref problem with that reference. The general issue of producing a BCP document with references to standards track documents has been raised with the routing ADs as it occurs with other drafts in the working group. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? The IANA Considerations section exists, is consistent with the document, and does not create a new registry or entries in an existing registry. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? This document has no formal language to verify. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? Technical Summary This document describes how a Certification Authority (CA) in the Resource Public Key Infrastructure (RPKI) performs a planned rollover of its key pair. This document also notes the implications of this key rollover procedure for Relying Parties (RPs). In general, RPs are expected to maintain a local cache of the objects that have been published in the RPKI repository, and thus the way in which a CA performs key rollover impacts RPs. Working Group Summary The most contentious issue in the progress of this draft was an issue raised shortly after the wglc ended. The issue was discussed vigorously on the list (between a small number of members) and a change in requirements level was made, but that did not totally answer the original commenter. There was broad support for the draft during the wglc and consensus was not reached on the technical change suggested in this last discussion, so the document was progressed with the compromise requirement change only. The member bringing the issue to the list is resigned to the outcome. Document Quality This is another case in this working group in which a section of a document of long standing has been lifted out to be a draft of its own. This draft had been a topic in the res-certs profile and was extracted when the working group was asked by the security ADs to provide a plan for algorithm agility and key rollover. As such it has had the benefit of a long history of reviews of the parent document. |
2011-03-31 |
08 | Cindy Morgan | Draft added in state Publication Requested |
2011-03-31 |
08 | Cindy Morgan | [Note]: 'Sandra Murphy (Sandra.Murphy@sparta.com) is the document shepherd.' added |
2011-02-22 |
06 | (System) | New version available: draft-ietf-sidr-keyroll-06.txt |
2010-12-02 |
05 | (System) | New version available: draft-ietf-sidr-keyroll-05.txt |
2010-11-09 |
04 | (System) | New version available: draft-ietf-sidr-keyroll-04.txt |
2010-10-24 |
03 | (System) | New version available: draft-ietf-sidr-keyroll-03.txt |
2010-10-07 |
02 | (System) | New version available: draft-ietf-sidr-keyroll-02.txt |
2010-09-30 |
01 | (System) | New version available: draft-ietf-sidr-keyroll-01.txt |
2010-09-29 |
00 | (System) | New version available: draft-ietf-sidr-keyroll-00.txt |