RFC 9691
A Profile for Resource Public Key Infrastructure (RPKI) Trust Anchor Keys (TAKs), December 2024
- Status: PROPOSED STANDARD
- Authors: C. Martinez, G. Michaelson, T. Harrison, T. Bruijnzeels, R. Austein
- Stream: IETF
- Source: sidrops (ops)
DOI: https://doi.org/10.17487/RFC9691
Discuss this RFC: Send questions or comments to the mailing list sidrops@ietf.org
Abstract
A Trust Anchor Locator (TAL) is used by Relying Parties (RPs) in the Resource Public Key Infrastructure (RPKI) to locate and validate a Trust Anchor (TA) Certification Authority (CA) certificate used in RPKI validation. This document defines an RPKI signed object for a Trust Anchor Key (TAK). A TAK object can be used by a TA to signal to RPs the location(s) of the accompanying CA certificate for the current public key, as well as the successor public key and the location(s) of its CA certificate. This object helps to support planned key rollovers without impacting RPKI validation.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.