1 / 7

Updates to the RPKI Certificate Policy

Updates to the RPKI Certificate Policy. Steve Kent BBN Technologies. Reminder: What is the RPKI CP?. There is exactly one CP for the whole RPKI All CA’s operating in the RPKI MUST include the OID for the CP in every (RPKI) certificate they issue

pules
Download Presentation

Updates to the RPKI Certificate Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Updates to the RPKI Certificate Policy Steve Kent BBN Technologies

  2. Reminder: What is the RPKI CP? • There is exactly one CP for the whole RPKI • All CA’s operating in the RPKI MUST include the OID for the CP in every (RPKI) certificate they issue • Thus, all prospective RPKI CA’s (IANA, RIRs, NIRs, LIRs/ISPs) REALLY OUGHT to pay attention to this document, and provide feedback!

  3. Top Level View of Changes • In response to comments from Andrei at IETF 73, we revised the CP to move details to the CPS, where appropriate • Reduced page count from 47 to 41 (despite adding new boilerplate) • Could probably drop a few more pages if we move the audit outline to the CPS too • Changed scope to be broader, not just ROAs

  4. What was Moved • Time constraints to publish a new certificate or CRL • Enrollment details • Time constraints for notification of certificate issuance • CRL issuance frequency

  5. What was Removed • Requirement to publish a new ROA before the old one expires • Requirement for CAs to perform PoP • All sections marked “omitted” were deleted (but section numbering was retained) • Some informative references • Discussions of the default TA model

  6. What Next? • This document is not likely to become much smaller • Attorneys who have experience with PKI documents would see this as very reasonable in size and scope • They also appreciate the parallelism to RFC 3647 • I’d like to request review, again, by any party who will act as a CA in the RPKI • Then, let’s go to WGLC

  7. Questions?

More Related