BCP 224

RFC 8634

BGPsec Router Certificate Rollover, August 2019

Status: BEST CURRENT PRACTICE
Authors: B. Weis, R. Gagliano, K. Patel
Stream: IETF
Source: sidrops (ops)

Discuss this RFC: Send questions or comments to iesg@ietf.org


Abstract

Certification Authorities (CAs) within the Resource Public Key Infrastructure (RPKI) manage BGPsec router certificates as well as RPKI certificates. The rollover of BGPsec router certificates must be carefully performed in order to synchronize the distribution of router public keys with BGPsec UPDATE messages verified with those router public keys. This document describes a safe rollover process, and it discusses when and why the rollover of BGPsec router certificates is necessary. When this rollover process is followed, the rollover will be performed without routing information being lost.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

