Diff: draft-ietf-sidrops-rpki-tree-validation-01.txt - draft-ietf-sidrops-rpki-tree-validation-02.txt

	draft-ietf-sidrops-rpki-tree-validation-01.txt	draft-ietf-sidrops-rpki-tree-validation-02.txt

	SIDR Operations O. Muravskiy	SIDR Operations O. Muravskiy

	Internet-Draft T. Bruijnzeels	Internet-Draft RIPE NCC
	Intended status: Informational RIPE NCC	Intended status: Informational T. Bruijnzeels
	Expires: January 20, 2018 July 19, 2017	Expires: December 30, 2018 NLNetLabs
		June 28, 2018

	RPKI Certificate Tree Validation by the RIPE NCC RPKI Validator	RPKI Certificate Tree Validation by the RIPE NCC RPKI Validator

	draft-ietf-sidrops-rpki-tree-validation-01	draft-ietf-sidrops-rpki-tree-validation-02

	Abstract	Abstract

	This document describes the approach to validate the content of the	This document describes the approach to validate the content of the
	RPKI certificate tree, as it is implemented in the RIPE NCC RPKI	RPKI certificate tree, as it is implemented in the RIPE NCC RPKI
	Validator. This approach is independent of a particular object	Validator. This approach is independent of a particular object
	retrieval mechanism. This allows it to be used with repositories	retrieval mechanism. This allows it to be used with repositories
	available over the rsync protocol, the RPKI Repository Delta	available over the rsync protocol, the RPKI Repository Delta
	Protocol, and repositories that use a mix of both.	Protocol, and repositories that use a mix of both.

	Status of This Memo	Status of This Memo

	This Internet-Draft is submitted in full conformance with the	This Internet-Draft is submitted in full conformance with the
	provisions of BCP 78 and BCP 79.	provisions of BCP 78 and BCP 79.

	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-

	Drafts is at http://datatracker.ietf.org/drafts/current/.	Drafts is at https://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on January 20, 2018.	This Internet-Draft will expire on December 30, 2018.

	Copyright Notice	Copyright Notice


	Copyright (c) 2017 IETF Trust and the persons identified as the	Copyright (c) 2018 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents

	(http://trustee.ietf.org/license-info) in effect on the date of	(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect	carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must	to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of	include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as	the Trust Legal Provisions and are provided without warranty as
	described in the Simplified BSD License.	described in the Simplified BSD License.

	Table of Contents	Table of Contents

	1. Scope of this document . . . . . . . . . . . . . . . . . . . 3	1. Scope of this document . . . . . . . . . . . . . . . . . . . 3

	skipping to change at page 14, line 33 ¶	skipping to change at page 14, line 33 ¶
	10.1. Normative References	10.1. Normative References

	[I-D.ietf-sidr-delta-protocol]	[I-D.ietf-sidr-delta-protocol]
	Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein,	Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein,
	"RPKI Repository Delta Protocol (RRDP)", draft-ietf-sidr-	"RPKI Repository Delta Protocol (RRDP)", draft-ietf-sidr-
	delta-protocol-08 (work in progress), March 2017.	delta-protocol-08 (work in progress), March 2017.

	[I-D.ietf-sidr-rpki-validation-reconsidered]	[I-D.ietf-sidr-rpki-validation-reconsidered]
	Huston, G., Michaelson, G., Martinez, C., Bruijnzeels, T.,	Huston, G., Michaelson, G., Martinez, C., Bruijnzeels, T.,
	Newton, A., and D. Shaw, "RPKI Validation Reconsidered",	Newton, A., and D. Shaw, "RPKI Validation Reconsidered",

	draft-ietf-sidr-rpki-validation-reconsidered-08 (work in	draft-ietf-sidr-rpki-validation-reconsidered-10 (work in
	progress), June 2017.	progress), December 2017.

	[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,	[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
	Housley, R., and W. Polk, "Internet X.509 Public Key	Housley, R., and W. Polk, "Internet X.509 Public Key
	Infrastructure Certificate and Certificate Revocation List	Infrastructure Certificate and Certificate Revocation List
	(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,	(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,

	<http://www.rfc-editor.org/info/rfc5280>.	<https://www.rfc-editor.org/info/rfc5280>.

	[RFC6481] Huston, G., Loomans, R., and G. Michaelson, "A Profile for	[RFC6481] Huston, G., Loomans, R., and G. Michaelson, "A Profile for
	Resource Certificate Repository Structure", RFC 6481,	Resource Certificate Repository Structure", RFC 6481,
	DOI 10.17487/RFC6481, February 2012,	DOI 10.17487/RFC6481, February 2012,

	<http://www.rfc-editor.org/info/rfc6481>.	<https://www.rfc-editor.org/info/rfc6481>.

	[RFC6482] Lepinski, M., Kent, S., and D. Kong, "A Profile for Route	[RFC6482] Lepinski, M., Kent, S., and D. Kong, "A Profile for Route
	Origin Authorizations (ROAs)", RFC 6482,	Origin Authorizations (ROAs)", RFC 6482,
	DOI 10.17487/RFC6482, February 2012,	DOI 10.17487/RFC6482, February 2012,

	<http://www.rfc-editor.org/info/rfc6482>.	<https://www.rfc-editor.org/info/rfc6482>.

	[RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for	[RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for
	Use in the Resource Public Key Infrastructure (RPKI)",	Use in the Resource Public Key Infrastructure (RPKI)",
	RFC 6485, DOI 10.17487/RFC6485, February 2012,	RFC 6485, DOI 10.17487/RFC6485, February 2012,

	<http://www.rfc-editor.org/info/rfc6485>.	<https://www.rfc-editor.org/info/rfc6485>.

	[RFC6486] Austein, R., Huston, G., Kent, S., and M. Lepinski,	[RFC6486] Austein, R., Huston, G., Kent, S., and M. Lepinski,
	"Manifests for the Resource Public Key Infrastructure	"Manifests for the Resource Public Key Infrastructure
	(RPKI)", RFC 6486, DOI 10.17487/RFC6486, February 2012,	(RPKI)", RFC 6486, DOI 10.17487/RFC6486, February 2012,

	<http://www.rfc-editor.org/info/rfc6486>.	<https://www.rfc-editor.org/info/rfc6486>.

	[RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for	[RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for
	X.509 PKIX Resource Certificates", RFC 6487,	X.509 PKIX Resource Certificates", RFC 6487,
	DOI 10.17487/RFC6487, February 2012,	DOI 10.17487/RFC6487, February 2012,

	<http://www.rfc-editor.org/info/rfc6487>.	<https://www.rfc-editor.org/info/rfc6487>.

	[RFC6488] Lepinski, M., Chi, A., and S. Kent, "Signed Object	[RFC6488] Lepinski, M., Chi, A., and S. Kent, "Signed Object
	Template for the Resource Public Key Infrastructure	Template for the Resource Public Key Infrastructure
	(RPKI)", RFC 6488, DOI 10.17487/RFC6488, February 2012,	(RPKI)", RFC 6488, DOI 10.17487/RFC6488, February 2012,

	<http://www.rfc-editor.org/info/rfc6488>.	<https://www.rfc-editor.org/info/rfc6488>.

	[RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI)	[RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI)
	Ghostbusters Record", RFC 6493, DOI 10.17487/RFC6493,	Ghostbusters Record", RFC 6493, DOI 10.17487/RFC6493,

	February 2012, <http://www.rfc-editor.org/info/rfc6493>.	February 2012, <https://www.rfc-editor.org/info/rfc6493>.

	[RFC7730] Huston, G., Weiler, S., Michaelson, G., and S. Kent,	[RFC7730] Huston, G., Weiler, S., Michaelson, G., and S. Kent,
	"Resource Public Key Infrastructure (RPKI) Trust Anchor	"Resource Public Key Infrastructure (RPKI) Trust Anchor
	Locator", RFC 7730, DOI 10.17487/RFC7730, January 2016,	Locator", RFC 7730, DOI 10.17487/RFC7730, January 2016,

	<http://www.rfc-editor.org/info/rfc7730>.	<https://www.rfc-editor.org/info/rfc7730>.

	10.2. Informative References	10.2. Informative References


	[github] "RIPE NCC RPKI Validator on GitHub", <https://github.com/	[github] "RIPE NCC RPKI Validator on GitHub",
	RIPE-NCC/rpki-validator>.	<https://github.com/RIPE-NCC/rpki-validator>.

	[rsync] "Rsync home page", <https://rsync.samba.org>.	[rsync] "Rsync home page", <https://rsync.samba.org>.

	Authors' Addresses	Authors' Addresses

	Oleg Muravskiy	Oleg Muravskiy
	RIPE NCC	RIPE NCC

	Email: oleg@ripe.net	Email: oleg@ripe.net

		URI: https://www.ripe.net/
	Tim Bruijnzeels	Tim Bruijnzeels

	RIPE NCC	NLNetLabs


	Email: tim@ripe.net	Email: tim@nlnetlabs.nl
		URI: https://www.nlnetlabs.nl/

End of changes. 20 change blocks.
	23 lines changed or deleted	24 lines changed or added
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/