RFC 9691

A Profile for Resource Public Key Infrastructure (RPKI) Trust Anchor Keys (TAKs), December 2024

Status: PROPOSED STANDARD
Authors: C. Martinez, G. Michaelson, T. Harrison, T. Bruijnzeels, R. Austein
Stream: IETF
Source: sidrops (ops)

DOI:  https://doi.org/10.17487/RFC9691

Discuss this RFC: Send questions or comments to the mailing list sidrops@ietf.org


Abstract

A Trust Anchor Locator (TAL) is used by Relying Parties (RPs) in the Resource Public Key Infrastructure (RPKI) to locate and validate a Trust Anchor (TA) Certification Authority (CA) certificate used in RPKI validation. This document defines an RPKI signed object for a Trust Anchor Key (TAK). A TAK object can be used by a TA to signal to RPs the location(s) of the accompanying CA certificate for the current public key, as well as the successor public key and the location(s) of its CA certificate. This object helps to support planned key rollovers without impacting RPKI validation.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



