RPKI Certificate Policy Status Update Stephen Kent.

Slides:

Advertisements

Similar presentations

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

Advertisements

HIP WG Stockholm, Sweden THURSDAY, July 30, 2009, Congresshall C.

RPKI Certificate Policy Status Update Stephen Kent.

ECRIT Virtual Interim Meeting 26th February, 2PM EST Marc Linsner Hannes Tschofenig.

RPKI Certificate Policy Stephen Kent, Derrick Kong, Ronald Watro, Karen Seo July 21, 2010.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Information Sciences Institute Recommendations for Transport Port Uses draft-ietf-tsvwg-port-use-05 IETF 91 - Honolulu Joe Touch, USC/ISI As presented.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Certificate Path Building draft-ietf-pkix-certpathbuild-01.txt Peter Hesse Matt Cooper Yuriy Dzambasow Susan Joseph Richard Nicholas.

9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.

Emergency Context Resolution with Internet Technologies (ECRIT) Marc Linsner Roger Marshall IETF 92 - Dallas March 24, 2015.

PPSP Working Group IETF-89 London, UK 16:10-18:40, Tuesday, Webex: participation.html.

Status Update for Algorithm Transition for the RPKI (draft-ietf-sidr-algorithm-agility) Steve Kent Roque Gagliano Sean Turner.

NEA Working Group IETF meeting Nov 17, 2011 IETF 82 - NEA Meeting1.

Aug 3, 2004AAA WG, IETF 60 San Diego1 Diameter NASReq Application Status David Mitton, Document Editor.

1 Notification Rate Control draft-ietf-sipcore-event-rate-control th IETF,

Submission February 2014 Slide 1 IEEE 802 Response to FDIS comments on IEEE 802.1AR 20 March 2014 Authors: NameCompanyPhone .

Submission February 2014 Slide 1 IEEE 802 Response to FDIS comments on IEEE 802.1AR 19 February 2014 Authors: NameCompanyPhone .

Dime WG Status Update IETF#81, THURSDAY, July 28, Afternoon Session I.

DIME WG IETF 82 Dime WG Agenda & Status THURSDAY, November 17, 2011 Jouni Korhonen & Lionel Morand.

DIME WG IETF 84 DIME WG Agenda & Status Tuesday, July 31 st, 2012 Jouni Korhonen, Lionel Morand.

July 27, 2009IETF NEA Meeting1 NEA Working Group IETF 75 Co-chairs: Steve Hanna

Wed 31 Jul & Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 SIDR Working Group IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013.

Emergency Context Resolution with Internet Technologies Marc Linsner Roger Marshall IETF 87 Berlin July 29, 2013.

ARIN Section 4.10 Austerity Policy Update.

ARIN Modify section 8.2 to better reflect how ARIN handles reorganizations.

A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.

Transport Layer Security (TLS) IETF-72, Dublin July 27, 2008 Chairs: Eric Rescorla Joseph Salowey.

1 SeGW Certificate profile (Revised) 3GPP2 TSG-S WG4 /TSG-X WG5 (PDS) S X xx Source: QUALCOMM Incorporated Contact(s): Anand.

IETF #81 DRINKS WG Meeting Québec City, QC, Canada Tue, July 26 th, 2011.

NEWTRK WG Paris, August 5, Agenda 0 – agenda bashing – 10m 1 - introduction & status - chair- 10m discussion on the issues with ISD proposal.

Device Reset Characterization draft-ietf-bmwg-reset-02 Rajiv Asati Carlos Pignataro Fernando Calabria Cesar Olvera Presented by Andrew.

Updates to the RPKI Certificate Policy I-D Steve Kent BBN Technologies.

ECRIT Virtual Interim Meeting 3rd June 2009, 1PM EDT (New York) Marc Linsner Hannes Tschofenig.

IETF 86 PIM wg meeting. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC.

Slide 1 IEEE 802 Response to FDIS comments on IEEE 802.1AS 18 March 2014 Authors: NameCompanyPhone .

IPPM WG IETF 79. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and.

Draft-huston-sidr-rfc6490-bis Geoff Huston Slide 1/6.

SIPREC WG, IETF# , GMT+2 John Elwell (WG co-chair) Brian Rosen (WG co-chair)

Guiding the Evolution of the IANA Protocol Parameter Registries Russ Housley 6 March 2014.

IETF #84 - NETCONF WG session 1 NETCONF WG IETF 84, Vancouver, Canada MONDAY, July 30, Bert Wijnen Mehmet Ersue.

Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.

Wed 24 Mar 2010SIDR IETF 77 Anaheim, CA1 SIDR Working Group IETF 77 Anaheim, CA Wednesday, Mar 24, 2010.

Wed 31 Jul & Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 SIDR Working Group IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013.

OAuth WG Blaine Cook, Hannes Tschofenig. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft.

Comments on draft-ietf-pkix-rfc3280bis-01.txt IETF PKIX Meeting Paris - August 2005 Denis Pinkas

DNSEXT at IETF-83 Paris 2012/3/27 at 17:10 – 18:10 Ólafur Guðmundsson Andrew Sullivan.

DMM WG IETF 84 DMM WG Agenda & Status Tuesday, July 31 st, 2012 Jouni Korhonen, Julien Laganier.

Slide 1 IEEE 802 Response to FDIS comments on IEEE 802.1AB 20 March 2014 Authors: NameCompanyPhone .

HIP WG Gonzalo Camarillo David Ward IETF 80, Prague, Czech Republic THURSDAY, March 31, 2011, Barcelona/Berlin.

Advisory Council Shepherds: David Farmer & Chris Grundemann Global Policy for post exhaustion IPv4 allocation mechanisms by the IANA.

Routing Area WG (rtgwg) IETF 82 – Taipei Chairs: Alia Atlas Alvaro Retana

SIEVE Mail Filtering WG IETF 70, Vancouver WG Chairs: Cyrus Daboo, Alexey Melnikov Mailing List: Jabber:

HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.

SIPPING Working Group IETF 67 Mary Barnes Gonzalo Camarillo.

Mon 23 Mar 2015SIDR IETF 92 Dallas, TX, US1 SIDR Working Group IETF 92 Dallas, TX, US Monday, 23 Mar 2015.

Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston )

Fri 24 Jul 2015SIDR IETF 93 Prague, CZ1 SIDR Working Group IETF 93 Prague, CZ Friday, 24 Jul 2015.

RPKI Certificate Policy Status Update Stephen Kent.

Thu 30 July 2009SIDR IETF 75 Stockholm, SE1 SIDR Working Group IETF 75 Stockholm, SE THURSDAY, July 30, 2009.

Emergency Context Resolution with Internet Technologies Marc Linsner Roger Marshall IETF 86 Orlando March 13, 2013.

IETF 84 Vancouver, BC, CA Wednesday, 1 Aug 2012

Recommended Draft Policy ARIN : Post-IPv4-Free-Pool-Depletion Transfer Policy Staff Introduction.

Resource Certificate Profile

P2PSIP WG IETF 84 P2PSIP WG Agenda & Status Tuesday, July 31st, 2012

STIR WG IETF-100 PASSPorT Extension for Resource-Priority Authorization (draft-ietf-stir-rph-01) November, 2017 Ray P. Singh, Martin Dolly, Subir Das,

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006

HKU Grid Certificate Authority (HKU Grid CA) CP/CPS Reviewer’s Comments Bill Yau

TCP Maintenance and Minor Extensions (TCPM) Working Group Status

Presentation transcript:

RPKI Certificate Policy Status Update Stephen Kent

2 Changes from July  At the July 2009 IETF meeting I briefed the many changes made to the CP as a result of review and editing by Andrei (on behalf of the RIRs)  These changes were generally well received, but there were a few suggestions for additional changes l Make the IESG be responsible for maintaining the CP l Make the document a BCP instead of Informational l Provide a definition for RPKI signed objects, rather than just examples

3 Changes Due to WGLC Comments  Improve the RPKI signed object definition  Clarify that the use of names that are not meaningful to people apply to all Subjects

4 What we did, and What’s Left to Do  We failed to denote this as a standards track document targeted towards BCP status  We changes to reflect the IESG as the entity responsible for maintaining the CP l Parts of section 9 were not modified (an oversight)  We defined RPKI signed objects based on standards track RFCs issued by SIDR WG l We need to make this more general, to account for life after the SIDR WG  We will revise the text on name types

5 RFC Status Revision “Intended Status: Informational” becomes “Intended Status: Best Current Practice”

6 Revised text for  The distinguished name for every CA and end entity consists of a single Common Name (CN) attribute with a value generated by the issuer of the certificate. Optionally, the serialNumber attribute may be included along with the common name (to form a terminal relative distinguish name set), to distinguish among successive instances of certificates associated with the same entity. This text removes the distinction previously accorded RIRs and IANA names, and aligns with the SIDR architecture document

7 Revised RPKI Signed Object Text “An RPKI-signed object, is a digitally-signed object (other than a certificate or CRL), declared to be such by a standards track RFC issued by the SIDR WG, …” becomes “An RPKI-signed object is a digitally-signed object (other than a certificate or CRL), declared to be such by a standards track RFC,...”

8 Section Revised Text Procedure for amendment “ The procedure for amendments to this CP is via written notice from IANA and the Regional Internet Registries (RIRs).” becomes “The procedure for amending this CP is via written notice from the IESG in the form of a new (BCP) RFC that updates or obsoletes this document.”

9 Section Revised Text Notification mechanism and period “The IANA and the RIRs will provide at least one month's advance notice of a change to this CP.” becomes “The IESG will provide at least a six month advance notice of any changes to this CP.”

10 Section Revised Text Circumstances under which OID must be changed “If the IANA and the RIRs judge that the change(s) will not materially reduce the acceptability of certificates for RPKI purposes, then there will be no change to the CP OID. If they judge that the change(s) will materially change the acceptability of certificates for RPKI purposes, then there will be a new CP OID.” becomes “If the IESG judges that changes to the CP do not materially reduce the acceptability of certificates issued for RPKI purposes, there will be no change to the CP OID. If the IETF judges that changes to the CP do materially change the the acceptability of certificates for RPKI purposes, then there will be a new CP OID.”

11 Two More Changes  Though not mentioned on the list, we discovered an additional error that will be fixed: l The informative references to RSA and to RFC 2119 will be deleted