RFC 8630

Resource Public Key Infrastructure (RPKI) Trust Anchor Locator, August 2019

File formats:
icon for text file icon for PDF icon for HTML
Status:
PROPOSED STANDARD
Obsoletes:
RFC 7730
Authors:
G. Huston
S. Weiler
G. Michaelson
S. Kent
T. Bruijnzeels
Stream:
IETF
Source:
sidrops (ops)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8630

Discuss this RFC: Send questions or comments to sidrops@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). The TAL allows Relying Parties in the RPKI to download the current Trust Anchor (TA) Certification Authority (CA) certificate from one or more locations and verify that the key of this self-signed certificate matches the key on the TAL. Thus, Relying Parties can be configured with TA keys but can allow these TAs to change the content of their CA certificate. In particular, it allows TAs to change the set of IP Address Delegations and/or Autonomous System Identifier Delegations included in the extension(s) (RFC 3779) of their certificate.

This document obsoletes the previous definition of the TAL as provided in RFC 7730 by adding support for Uniform Resource Identifiers (URIs) (RFC 3986) that use HTTP over TLS (HTTPS) (RFC 7230) as the scheme.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader