RFC 9286

Manifests for the Resource Public Key Infrastructure (RPKI), June 2022

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML icon for inline errata
Also available: XML file for editing
 
Status:
PROPOSED STANDARD
Obsoletes:
RFC 6486
Authors:
R. Austein
G. Huston
S. Kent
M. Lepinski
Stream:
IETF
Source:
sidrops (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9286

Discuss this RFC: Send questions or comments to the mailing list sidrops@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9286


Abstract

This document defines a "manifest" for use in the Resource Public Key Infrastructure (RPKI). A manifest is a signed object (file) that contains a listing of all the signed objects (files) in the repository publication point (directory) associated with an authority responsible for publishing in the repository. For each certificate, Certificate Revocation List (CRL), or other type of signed objects issued by the authority that are published at this repository publication point, the manifest contains both the name of the file containing the object and a hash of the file content. Manifests are intended to enable a relying party (RP) to detect certain forms of attacks against a repository. Specifically, if an RP checks a manifest's contents against the signed objects retrieved from a repository publication point, then the RP can detect replay attacks, and unauthorized in-flight modification or deletion of signed objects. This document obsoletes RFC 6486.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search