RFC 9589
On the Use of the Cryptographic Message Syntax (CMS) Signing-Time Attribute in Resource Public Key Infrastructure (RPKI) Signed Objects, May 2024
- File formats:
- Also available: XML file for editing
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 6488
- Authors:
- J. Snijders
T. Harrison - Stream:
- IETF
- Source:
- sidrops (ops)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9589
Discuss this RFC: Send questions or comments to the mailing list sidrops@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9589
Abstract
In the Resource Public Key Infrastructure (RPKI), Signed Objects are defined as Cryptographic Message Syntax (CMS) protected content types. A Signed Object contains a signing-time attribute, representing the purported time at which the object was signed by its issuer. RPKI repositories are accessible using the rsync and RPKI Repository Delta protocols, allowing Relying Parties (RPs) to synchronize a local copy of the RPKI repository used for validation with the remote repositories. This document describes how the CMS signing-time attribute can be used to avoid needless retransfers of data when switching between different synchronization protocols. This document updates RFC 6488 by mandating the presence of the CMS signing-time attribute and disallowing the use of the binary-signing-time attribute.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.