]> Zhongguancun Laboratory

Beijing China suyy@mail.zgclab.edu.cn

Zhongguancun Laboratory

Beijing China qinlc@mail.zgclab.edu.cn

ZDNS

Beijing China madi@zdns.cn

Tsinghua University

Beijing China tolidan@tsinghua.edu.cn

Operations and Management SIDROPS RPKI, Relying Party This document provides a single reference point for requirements for Relying Party (RP) software for use in the Resource Public Key Infrastructure (RPKI). It cites requirements that appear in several RPKI RFCs and related specifications, making it easier for implementers to become aware of these requirements. This document updates to reflect changes to the requirements and guidance specified in the relevant RPKI standards, including updates to repository synchronization, certificate and CRL processing, signed object validation, validated cache distribution, local control, and operational and manageability support for RP software. This document is expected to be updated to reflect changes to the requirements and guidance specified in the RFCs discussed herein.

Introduction RPKI Relying Party (RP) software is used by network operators and others to acquire and verify Internet Number Resource (INR) data stored in the RPKI repository system. RPKI data, when verified, allows an RP to verify assertions about which Autonomous Systems (ASes) are authorized to originate routes for IP address prefixes. RPKI data also establishes a binding between public keys and BGP routers and indicates the AS numbers that each router is authorized to represent, supports validation of Autonomous System Provider Authorizations (ASPAs), and enables validation of other RPKI signed objects such as RPKI Signed Checklists (RSCs) and Trust Anchor Keys (TAKs). The essential requirements imposed on RP software to support secure Internet routing are scattered throughout numerous protocol-specific RFCs and Best Current Practice RFCs. The following RFCs and related specifications define these requirements:

• (Repository Structure)
• (Key Rollover)
• (Algorithm Agility)
• (Algorithms and Key Sizes for Use in RPKI), as updated by
• (RPKI Trust Anchor Locators), as updated by
• (RPKI Trust Anchor Keys (TAKs))
• (Certificate and CRL profile), as updated by and
• (BGPsec Router Certificates Profile)
• (RPKI to Router Protocol, Version 0)
• (RPKI to Router Protocol, Version 1), as updated by (Version 2)
• (RPKI SLURM), as updated by
• (RPKI Signed Object Template), as updated by
• (Manifests), as updated by
• (Route Origin Authorizations (ROAs)), as updated by
• (RPKI Signed Checklists (RSCs))
• (ASPA object profile)
• (The RPKI Repository Delta Protocol (RRDP)), as updated by and
• (Erik Synchronization Protocol)
• (rsync repository synchronization)
• (RPKI Canonical Cache Representation (CCR))

The distribution of RPKI RP requirements across these documents makes it hard for an implementer to be confident that he/she has addressed all of these requirements. Additionally, good software engineering practice may call for segmenting the RP system into components with orthogonal functionalities so that those components may be distributed. A taxonomy of the collected RP software requirements can help clarify the role of the RP. To consolidate RP software requirements in one document, with pointers to all the relevant RFCs and related specifications, this document outlines a set of baseline requirements imposed on RPs and provides a single reference point for requirements for RP software for use in the RPKI. The requirements are organized into the following groups:

• Fetching and Caching RPKI Repository Objects
• Processing Certificates and Certificate Revocation Lists (CRLs)
• Processing RPKI Repository Signed Objects
• Distributing Validated Cache of the RPKI Data
• Local Control
• Operational and Manageability Requirements for RPs

This document will be updated to reflect new or changed requirements as these RFCs and related specifications are updated or additional RFCs are written.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Changes from This document updates to reflect changes in the RPKI standards that affect RP software. The most significant changes are:

• References to obsolete or updated specifications have been revised, including replacement of by , replacement of by , update of by , update of by , and update of by and .
• Requirements related to trust anchor processing have been updated to include and .
• Requirements related to repository synchronization have been updated to include , , , , and .
• Requirements related to ROA have been updated to reference and .
• Requirements related to manifests have been updated to reference and .
• Requirements related to basic signed object syntax checks have been updated to reflect the changes in .
• New signed-object requirements have been added for Trust Anchor Keys (TAKs) , RPKI Signed Checklists (RSCs) and Autonomous System Provider Authorizations (ASPAs) .
• Requirements related to Ghostbusters Records have been removed, since is now Historic.
• Requirements related to certificate path validation have been updated to reflect and .
• Requirements related to validated cache distribution have been updated to include .
• Requirements related to local control have been updated to include .
• A new set of operational and manageability requirements has been added, including support for validated cache export, operational observability and diagnostics, and audit trail and historical state retention.

Note on Referenced SIDROPS Work This document references a number of active SIDROPS Working Group Internet-Drafts in addition to published RFCs. These references are included because the referenced work is directly relevant to current RP software requirements and, in several cases, has reached a level of Working Group maturity that is likely to affect the baseline requirements for RP implementations. Accordingly, references to active SIDROPS Working Group Internet-Drafts in this document are provisional. If the status, scope, or content of these drafts changes, the corresponding references and requirements in this document are expected to be updated accordingly. Prior to publication of this document as an RFC, references to Internet-Drafts that do not advance to RFC status are expected to be updated, replaced, or removed as appropriate. This section is editorial in nature and may be removed prior to publication as an RFC.

Fetching and Caching RPKI Repository Objects RP software uses one or more repository synchronization protocols supported by targeted repositories, such as rsync , RRDP as updated by and , or Erik , to download RPKI objects from the repository system in order to update a local cache. These mechanisms download only those objects that have been added or replaced with new versions since the time when the RP most recently checked the repository. RP software validates the RPKI data and uses it to generate authenticated outputs based on the validated repository contents for use by systems that consume validated RPKI information.

Trust Anchor Configuration and Processing The requirements of Section 2.1 of continue to apply, with the following updates:

• If multiple valid TA certificates are available for a configured TA, RP software SHOULD apply a deterministic TA certificate selection procedure. Such a procedure is specified in Section 2 of , which updates Section 3 of .
• RP software MUST keep a record of the current public key for each configured TA, as well as the URI(s) where the CA certificate for this public key may be retrieved, as specified in Section 4 of .
• When performing top-down validation, if a TAK object is present, RP software MUST validate and process it before processing other objects issued under the TA, as specified in Sections 2.3 and 4 of . RP software that supports TAK processing MUST apply the successor-key verification and acceptance-timer procedure specified in Section 4 of .

Locating and Fetching RPKI Repository Objects The RPKI repository system is a distributed one, consisting of multiple repository instances. Each repository instance contains one or more repository publication points. RP software locates and fetches RPKI repository objects using the mechanisms defined by the applicable repository synchronization and object-location specifications. Section 5 of specifies how RP software locates RPKI repository objects using the Subject Information Access (SIA) and the Authority Information Access (AIA) extensions. For repository synchronization mechanisms such as rsync , RP software uses these extensions to discover the relevant repository publication points and related RPKI objects. Detailed specifications of the SIA and AIA extensions in a resource certificate are described in Sections 4.8.8 and 4.8.7 of , respectively. If RP software supports RRDP, repository object discovery and retrieval are additionally specified in . If RP software supports Erik Synchronization, repository object discovery and retrieval are additionally specified in Section 4 of . In Erik Synchronization, RP software acquires an ErikIndex for a given FQDN and then uses the referenced ErikPartition and manifest information to determine which repository objects need to be fetched.

Dealing with Key Rollover The requirements of Section 2.3 of continue to apply. In addition, RP software requirements for dealing with TA key rollover and successor key processing are described in Section 4 of .

Dealing with Algorithm Transition The requirements of Section 2.4 of continue to apply.

Strategies for Efficient Cache Maintenance The requirements of Section 2.5 of continue to apply.

Repository Synchronization Protocols RP software uses one or more repository synchronization protocols, such as rsync , RRDP , and Erik , to update its local cache of RPKI repository objects. Requirements for RRDP are specified in . Additional RRDP requirements for RPs are specified in and . In particular, RP software that supports RRDP MUST apply the Same-Origin Policy checks specified in . RP software that supports RRDP SHOULD also perform the desynchronization detection and recovery procedures specified in . If RP software switches from RRDP to rsync, it SHOULD follow the guidance in Section 2.2 of . If RP software supports Erik Synchronization, repository synchronization procedures are additionally specified in Section 4 of .

Certificate and CRL Processing The requirements of the introductory text of Section 3 of continue to apply.

Verifying Resource Certificate and Syntax The requirements of Section 3.1 of continue to apply.

Certificate Path Validation Initially, the INRs in the issuer's certificate are required to encompass the INRs in the subject's certificate. This is one of the necessary principles of certificate path validation in addition to cryptographic verification (i.e., verification of the signature on each certificate using the public key of the parent certificate). Section 7.2 of specifies the procedure that RP software should follow to perform certificate path validation. updates this procedure. In particular, when determining the revocation status of a resource certificate, RP software MUST use the unique current CRL that is both identified by the certificate's CRL Distribution Points extension and listed on the issuing CA's current manifest with a matching hash, as specified in Section 3.2 of . Ongoing work to revise the RPKI validation algorithm is described in , which updates Section 5 of to reference the validated VRS-IP outcome of EE certificate validation, replaces Section 7.2 of in its entirety with a revised resource certification path validation procedure, updates Section 9 of , and obsoletes .

CRL Processing The CRL processing requirements imposed on CAs and RPs are described in Section 5 of , as updated by Sections 2 and 3.1 of . CRLs in the RPKI are tightly constrained; only the AuthorityKeyIdentifier (section 4.8.3 of ) and CRLNumber (section 5.2.3 of ) extensions are allowed, and they are required to be present. No other CRL extensions are allowed, and no CRLEntry extensions are permitted. RP software is required to verify that these constraints have been met. Each CRL in the RPKI must be verified using the public key from the certificate of the CA that issued the CRL. RP software MUST process the AKI extension and MUST ignore the CRL Number extension except for checking that it is marked non-critical and contains a non-negative integer not greater than 2^159-1. In the RPKI, the current CRL relevant to determining the revocation status of a resource certificate is the unique CRL that is both identified by the certificate's CRL Distribution Points extension and listed on the issuing CA's current manifest with a matching hash, as specified in Sections 2 and 3.2 of . If the CRL is not listed on a valid, current manifest acquired during a fetch, the CRL is considered missing and the fetch has failed. In that case, the RP MUST issue a warning and SHOULD continue to use cached versions of the objects associated with that CA instance, if available, until such time as they become stale or can be replaced by objects from a successful fetch. Until then, the RP MUST NOT attempt to acquire and validate subordinate signed objects for that CA instance, as specified in Section 6.6 of .

Processing RPKI Repository Signed Objects

Basic Signed Object Syntax Checks The requirements of Section 4.1 of continue to apply, with the following update:

• updates the checks in Section 3 of . In particular, Section 4 of updates Section 3, item 1.f and item 1.g of by requiring the signedAttrs field to contain the content-type, message-digest, and signing-time attributes, and by disallowing the CMS binary-signing-time attribute.

Syntax and Validation for Each Type of Signed Object

Manifest To determine whether a manifest is valid, RP software is required to perform manifest-specific checks in addition to the generic signed-object checks specified in , as updated by . Specific checks for a manifest are described in Sections 4.2.1 and 4.4 of . If these checks fail, or if manifest acquisition or processing otherwise fails, RP software is required to proceed as specified in Section 6.6 of . Additional manifest-number handling requirements are described in , which updates Section 4.2.1 of .

ROA To validate a Route Origin Authorization (ROA), RP software is required to perform all the checks specified in , as updated by , as well as additional, ROA-specific validation steps. The ROA content type and ROA eContent are specified in Sections 3 and 4 of . Specific checks for a ROA are described in Section 5 of . Additional ROA validation requirements are described in Section 3 of , which updates the ROA validation procedure in Section 5 of . In particular, it replaces the requirement that each IP address prefix in the ROA be contained within the EE certificate's IP address delegation extension with a requirement that each IP address prefix in the ROA be contained within the VRS-IP set resulting from EE certificate validation.

ASPA To validate an Autonomous System Provider Authorization (ASPA), RP software is required to perform all the checks specified in , as updated by , as well as additional, ASPA-specific validation steps. The ASPA content type and ASPA eContent are specified in Sections 2 and 3 of . Specific checks for an ASPA are described in Section 4 of .

RSC To validate an RPKI Signed Checklist (RSC), RP software is required to perform all the checks specified in , as updated by , as well as additional, RSC-specific validation steps. The RSC profile, eContentType, and eContent are specified in Sections 2, 3, and 4 of . Specific checks for an RSC are described in Section 5 of . If RP software makes use of a validated RSC to verify files or data, it can follow the procedures described in Section 6 of .

TAK To validate a Trust Anchor Key (TAK), RP software is required to perform all the checks specified in , as updated by , as well as additional, TAK-specific validation steps. The TAK object content type and TAK eContent are specified in Sections 2.1 and 2.2 of . Specific checks for a TAK are described in Section 2.3 of . RP software requirements for the use of valid TAK objects are described in Section 4 of .

Verifying BGPsec Router Certificate The requirements of Section 4.2.4 of continue to apply.

How to Make Use of Manifest Data A manifest provides an RP with a signed inventory of the current objects published by a CA at a publication point. RP software uses the manifest to determine which files are current and acceptable for validation and, together with the certificate's CRL Distribution Points (CRLDP) extension, to identify the current CRL. For a given publication point, RP software is required to perform the tests specified in Sections 6.1 through 6.6 of to determine which files at the publication point are acceptable. The tests are performed using the manifest identified by the SIA id-ad-rpkiManifest URI extracted from a CA certificate, and all files referenced by the manifest MUST be located at the publication point identified by the SIA id-ad-caRepository URI in the same certificate. The manifest and the files it references MUST reside at the same publication point. If an RP encounters any files that appear on a manifest but do not reside at the same publication point as the manifest, the RP MUST treat the fetch as failed, and a warning MUST be issued, as specified in Sections 6.1 and 6.6 of . RP software MUST use the current manifest of a CA to determine which files are current objects for that CA at the corresponding publication point, as specified in Sections 2 and 6.1 of . Files not listed on the current manifest MUST NOT be used as current objects for that CA at that publication point. During CA key rollover, manifest processing is performed separately for each CA instance, guided by the SIA id-ad-rpkiManifest URI in the corresponding CA certificate, as specified in Sections 2 and 6.1 of . If the manifest cannot be retrieved, is invalid, is stale, if any file listed on the manifest cannot be retrieved from the publication point, if a listed file fails hash validation, if the manifest or any listed file does not reside at the same publication point, or if manifest processing otherwise fails, the RP MUST treat the fetch as failed and proceed as specified in Section 6.6 of . RP software MUST use the issuer's current manifest together with the certificate's CRL Distribution Points (CRLDP) extension to identify the current CRL relevant to determining the revocation status of a resource certificate, as specified in Sections 2 and 3.2 of . If the CRL is not listed on a valid, current manifest, the RP MUST treat the fetch as failed.

Distributing Validated Cache On a periodic basis, BGP speakers within an AS request updated validated cache data from the (local) validated cache of RPKI data. The RP may either transfer the validated data to the BGP speakers directly, or it may transfer the validated data to a cache server that is responsible for provisioning such data to BGP speakers. The specifications of the protocol designed to deliver validated cache data to a BGP speaker are provided in , , and . specifies version 0 of the RPKI-Router protocol. specifies version 1 and updates . specifies version 2, updates , and is compatible with both earlier versions. If RP software supports version 2 of the RPKI-Router protocol, RP software is required to follow the additional requirements specified in , including support for ASPA PDUs and the ordering rules for cache responses.

Local Control The requirements of Section 6 of continue to apply, with the following updates:

• If an ISP wants to implement SLURM, its RP system can follow the instructions specified in .
• If an ISP wants to apply local filters and local assertions for Autonomous System Provider Authorizations (ASPAs), its RP system can follow the instructions specified in , which updates .

Operational and Manageability Requirements for RPs RP software is often deployed as a continuously operating system component and is expected to support operational use, troubleshooting, and auditing in addition to repository synchronization and object validation. In operational environments, it is desirable for RP software to produce stable and machine-readable information that can be used for interchange, comparison, and audit across different RP implementations. Such information can support exchange of validated cache state, diagnosis of repository synchronization and object validation outcomes, and retention of historical RP results for later analysis. The following sections describe requirements related to export of validated cache state, operational observability, and historical retention of RP outputs.

Export of Validated Cache State RP software SHOULD support export of validated cache state in a stable, machine-readable form suitable for interchange with other systems. If an RP implementation supports Canonical Cache Representation (CCR), it can follow the instructions specified in . CCR may be used, for example, for audit trail keeping, validated payload dissemination, and analytics pipelines.

Operational Observability and Diagnostics RP software SHOULD provide sufficient status and diagnostic information to enable operators to understand the current execution state of the RP, the outcomes of repository synchronization, and the reasons for RPKI object-level rejection. In particular, RP software SHOULD make available log information sufficient to identify repository fetch failures, synchronization failures, and object parsing or validation failures.

Audit Trail and Historical State Retention RP software SHOULD support retention of historical RP output state, or equivalent audit records, sufficient to enable comparison, replay, or later analysis of validated cache outcomes.

Security Considerations The requirements of Section 7 of continue to apply.

IANA Considerations This document has no IANA requests.

Acknowledgements

References Normative References This document defines a profile for the structure of the Resource Public Key Infrastructure (RPKI) distributed repository. Each individual repository publication point is a directory that contains files that correspond to X.509/PKIX Resource Certificates, Certificate Revocation Lists and signed objects. This profile defines the object (file) naming scheme, the contents of repository publication points (directories), and a suggested internal structure of a local repository cache that is intended to facilitate synchronization across a distributed collection of repository publication points and to facilitate certification path construction. [STANDARDS-TRACK] This document defines a standard profile for X.509 certificates for the purpose of supporting validation of assertions of "right-of-use" of Internet Number Resources (INRs). The certificates issued under this profile are used to convey the issuer's authorization of the subject to be regarded as the current holder of a "right-of-use" of the INRs that are described in the certificate. This document contains the normative specification of Certificate and Certificate Revocation List (CRL) syntax in the Resource Public Key Infrastructure (RPKI). This document also specifies profiles for the format of certificate requests and specifies the Relying Party RPKI certificate path validation procedure. [STANDARDS-TRACK] This document defines a generic profile for signed objects used in the Resource Public Key Infrastructure (RPKI). These RPKI signed objects make use of Cryptographic Message Syntax (CMS) as a standard encapsulation format. [STANDARDS-TRACK] This document describes how a Certification Authority (CA) in the Resource Public Key Infrastructure (RPKI) performs a planned rollover of its key pair. This document also notes the implications of this key rollover procedure for relying parties (RPs). In general, RPs are expected to maintain a local cache of the objects that have been published in the RPKI repository, and thus the way in which a CA performs key rollover impacts RPs. This memo documents an Internet Best Current Practice. In order to verifiably validate the origin Autonomous Systems of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data from a trusted cache. This document describes a protocol to deliver validated prefix origin data to routers. [STANDARDS-TRACK] This document specifies the process that Certification Authorities (CAs) and Relying Parties (RPs) participating in the Resource Public Key Infrastructure (RPKI) will need to follow to transition to a new (and probably cryptographically stronger) algorithm set. The process is expected to be completed over a timescale of several years. Consequently, no emergency transition is specified. The transition procedure defined in this document supports only a top-down migration (parent migrates before children). This document specifies the algorithms, algorithms' parameters, asymmetric key formats, asymmetric key size, and signature format for the Resource Public Key Infrastructure (RPKI) subscribers that generate digital signatures on certificates, Certificate Revocation Lists (CRLs), Cryptographic Message Syntax (CMS) signed objects and certification requests as well as for the relying parties (RPs) that verify these digital signatures. In the Resource Public Key Infrastructure (RPKI), Certificate Authorities (CAs) publish certificates, including end-entity certificates, Certificate Revocation Lists (CRLs), and RPKI signed objects to repositories. Relying Parties retrieve the published information from those repositories. This document specifies a new RPKI Repository Delta Protocol (RRDP) for this purpose. RRDP was specifically designed for scaling. It relies on an Update Notification File which lists the current Snapshot and Delta Files that can be retrieved using HTTPS (HTTP over Transport Layer Security (TLS)), and it enables the use of Content Distribution Networks (CDNs) or other caching infrastructures for the retrieval of these files. This document defines a standard profile for X.509 certificates used to enable validation of Autonomous System (AS) paths in the Border Gateway Protocol (BGP), as part of an extension to that protocol known as BGPsec. BGP is the standard for inter-domain routing in the Internet; it is the "glue" that holds the Internet together. BGPsec is being developed as one component of a solution that addresses the requirement to provide security for BGP. The goal of BGPsec is to provide full AS path validation based on the use of strong cryptographic primitives. The end entity (EE) certificates specified by this profile are issued to routers within an AS. Each of these certificates is issued under a Resource Public Key Infrastructure (RPKI) Certification Authority (CA) certificate. These CA certificates and EE certificates both contain the AS Resource extension. An EE certificate of this type asserts that the router or routers holding the corresponding private key are authorized to emit secure route advertisements on behalf of the AS(es) specified in the certificate. This document also profiles the format of certification requests and specifies Relying Party (RP) certificate path validation procedures for these EE certificates. This document extends the RPKI; therefore, this document updates the RPKI Resource Certificates Profile (RFC 6487). In order to verifiably validate the origin Autonomous Systems and Autonomous System Paths of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data and router keys from a trusted cache. This document describes a protocol to deliver them. This document describes version 1 of the RPKI-Router protocol. RFC 6810 describes version 0. This document updates RFC 6810. The Resource Public Key Infrastructure (RPKI) is a global authorization infrastructure that allows the holder of Internet Number Resources (INRs) to make verifiable statements about those resources. Network operators, e.g., Internet Service Providers (ISPs), can use the RPKI to validate BGP route origin assertions. ISPs can also use the RPKI to validate the path of a BGP route. However, ISPs may want to establish a local view of exceptions to the RPKI data in the form of local filters and additions. The mechanisms described in this document provide a simple way to enable INR holders to establish a local, customized view of the RPKI, overriding global RPKI repository data as needed. This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). The TAL allows Relying Parties in the RPKI to download the current Trust Anchor (TA) Certification Authority (CA) certificate from one or more locations and verify that the key of this self-signed certificate matches the key on the TAL. Thus, Relying Parties can be configured with TA keys but can allow these TAs to change the content of their CA certificate. In particular, it allows TAs to change the set of IP Address Delegations and/or Autonomous System Identifier Delegations included in the extension(s) (RFC 3779) of their certificate. This document obsoletes the previous definition of the TAL as provided in RFC 7730 by adding support for Uniform Resource Identifiers (URIs) (RFC 3986) that use HTTP over TLS (HTTPS) (RFC 7230) as the scheme. This document defines a "manifest" for use in the Resource Public Key Infrastructure (RPKI). A manifest is a signed object (file) that contains a listing of all the signed objects (files) in the repository publication point (directory) associated with an authority responsible for publishing in the repository. For each certificate, Certificate Revocation List (CRL), or other type of signed objects issued by the authority that are published at this repository publication point, the manifest contains both the name of the file containing the object and a hash of the file content. Manifests are intended to enable a relying party (RP) to detect certain forms of attacks against a repository. Specifically, if an RP checks a manifest's contents against the signed objects retrieved from a repository publication point, then the RP can detect replay attacks, and unauthorized in-flight modification or deletion of signed objects. This document obsoletes RFC 6486. This document defines a Cryptographic Message Syntax (CMS) protected content type for use with the Resource Public Key Infrastructure (RPKI) to carry a general-purpose listing of checksums (a 'checklist'). The objective is to allow for the creation of an attestation, termed an "RPKI Signed Checklist (RSC)", which contains one or more checksums of arbitrary digital objects (files) that are signed with a specific set of Internet Number Resources. When validated, an RSC confirms that the respective Internet resource holder produced the RSC. This document defines a standard profile for Route Origin Authorizations (ROAs). A ROA is a digitally signed object that provides a means of verifying that an IP address block holder has authorized an Autonomous System (AS) to originate routes to one or more prefixes within the address block. This document obsoletes RFC 6482. In the Resource Public Key Infrastructure (RPKI), Signed Objects are defined as Cryptographic Message Syntax (CMS) protected content types. A Signed Object contains a signing-time attribute, representing the purported time at which the object was signed by its issuer. RPKI repositories are accessible using the rsync and RPKI Repository Delta protocols, allowing Relying Parties (RPs) to synchronize a local copy of the RPKI repository used for validation with the remote repositories. This document describes how the CMS signing-time attribute can be used to avoid needless retransfers of data when switching between different synchronization protocols. This document updates RFC 6488 by mandating the presence of the CMS signing-time attribute and disallowing the use of the binary-signing-time attribute. This document describes a Same-Origin Policy (SOP) requirement for Resource Public Key Infrastructure (RPKI) Repository Delta Protocol (RRDP) servers and clients. Application of a SOP in RRDP client/server communication isolates resources such as Delta and Snapshot files from different Repository Servers, reducing possible attack vectors. This document updates RFC 8182. A Trust Anchor Locator (TAL) is used by Relying Parties (RPs) in the Resource Public Key Infrastructure (RPKI) to locate and validate a Trust Anchor (TA) Certification Authority (CA) certificate used in RPKI validation. This document defines an RPKI signed object for a Trust Anchor Key (TAK). A TAK object can be used by a TA to signal to RPs the location(s) of the accompanying CA certificate for the current public key, as well as the successor public key and the location(s) of its CA certificate. This object helps to support planned key rollovers without impacting RPKI validation. This document describes an approach for Resource Public Key Infrastructure (RPKI) Relying Parties to detect a particular form of RPKI Repository Delta Protocol (RRDP) session desynchronization and how to recover. This document updates RFC 8182. This document revises how the Resource Public Key Infrastructure (RPKI) handles Certificate Revocation List (CRL) Number extensions. This document updates RFC 6487. Certification Authorities (CAs) within the Resource Public Key Infrastructure (RPKI) manage BGPsec router certificates as well as RPKI certificates. The rollover of BGPsec router certificates must be carefully performed in order to synchronize the distribution of router public keys with BGPsec UPDATE messages verified with those router public keys. This document describes a safe rollover process, and it discusses when and why the rollover of BGPsec router certificates is necessary. When this rollover process is followed, the rollover will be performed without routing information being lost. This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK] This document specifies the algorithms, algorithm parameters, asymmetric key formats, asymmetric key sizes, and signature formats used in BGPsec (Border Gateway Protocol Security). This document updates RFC 7935 ("The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure") and obsoletes RFC 8208 ("BGPsec Algorithms, Key Formats, and Signature Formats") by adding Documentation and Experimentation Algorithm IDs, correcting the range of unassigned algorithms IDs to fill the complete range, and restructuring the document for better reading. This document also includes example BGPsec UPDATE messages as well as the private keys used to generate the messages and the certificates necessary to validate those signatures. This document defines two X.509 v3 certificate extensions. The first binds a list of IP address blocks, or prefixes, to the subject of a certificate. The second binds a list of autonomous system identifiers to the subject of a certificate. These extensions may be used to convey the authorization of the subject to use the IP addresses and autonomous system identifiers contained in the extensions. [STANDARDS-TRACK] Arrcus, DRL, & IIJ Research Dragon Research Labs Asia Pacific Network Information Centre In order to validate the origin Autonomous Systems (ASes) and Autonomous System relationships behind BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC6480) prefix origin data, Router Keys, and ASPA data from a trusted cache. This document describes a protocol to deliver them. This document describes version 2 of the RPKI-Router protocol. [RFC6810] describes version 0, and [RFC8210] describes version 1. This document is compatible with both. BSD Software Development Yandex JetLend Internet Initiative Japan Vigil Security, LLC Workonline This document defines a Cryptographic Message Syntax (CMS) protected content type for Autonomous System Provider Authorization (ASPA) objects for use with the Resource Public Key Infrastructure (RPKI). An ASPA is a digitally signed object through which the issuer (the holder of an Autonomous System identifier), can authorize one or more other Autonomous Systems (ASes) as its transit providers. When validated, an ASPA's eContent can be used for detection and mitigation of route leaks. Port 179 Ltd ISPs may want to establish a local view of exceptions to the Resource Public Key Infrastructure (RPKI) data in the form of local filters or additional attestations. This document defines an addendum to RFC 8416 by specifying a format for local filters and local assertions for Autonomous System Provider Authorizations (ASPA) for use with the RPKI. Asia Pacific Network Information Centre Asia-Pacific Network Information Centre The Resource Public Key Infrastructure (RPKI) makes use of signed objects called manifests, each of which includes a "manifest number". This document updates RFC9286 by specifying issuer and RP behaviour when a manifest number reaches the largest possible value, a situation not considered in RFC9286. BSD Software Development RIPE NCC APNIC JPNIC This document specifies the Erik Synchronization Protocol for use with the Resource Public Key Infrastructure (RPKI). Erik Synchronization can be characterized as a data replication system using Merkle trees, a content-addressable naming scheme, concurrency control using monotonically increasing sequence numbers, and HTTP transport. Relying Parties can combine information retrieved via Erik Synchronization with other RPKI transport protocols. The protocol's design is intended to be efficient, fast, easy to implement, and robust in the face of partitions or faults in the network. BSD Software Development OpenBSD RIPE NCC A Trust Anchor (TA) in the Resource Public Key Infrastructure (RPKI) is represented by a self-signed X.509 Certification Authority (CA) certificate. Over time, Relying Parties (RP) may have acquired multiple different issuances of valid TA certificates from the same TA operator. This document specifies a tiebreaking scheme to be used by RPs to select one TA certificate for certification path validation. This document updates RFC 8630. BSD Software Development OpenBSD Workonline This document describes an improved validation procedure for Resource Public Key Infrastructure (RPKI) signed objects. This document updates RFC 6487. This document updates RFC 9582. This document obsoletes RFC 8360. n.d. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References This document describes an architecture for an infrastructure to support improved security of Internet routing. The foundation of this architecture is a Resource Public Key Infrastructure (RPKI) that represents the allocation hierarchy of IP address space and Autonomous System (AS) numbers; and a distributed repository system for storing and disseminating the data objects that comprise the RPKI, as well as other signed objects necessary for improved routing security. As an initial application of this architecture, the document describes how a legitimate holder of IP address space can explicitly and verifiably authorize one or more ASes to originate routes to that address space. Such verifiable authorizations could be used, for example, to more securely construct BGP route filters. This document is not an Internet Standards Track specification; it is published for informational purposes. This document provides a single reference point for requirements for Relying Party (RP) software for use in the Resource Public Key Infrastructure (RPKI). It cites requirements that appear in several RPKI RFCs, making it easier for implementers to become aware of these requirements. Over time, this RFC will be updated to reflect changes to the requirements and guidance specified in the RFCs discussed herein. This document analyzes actions by or against a Certification Authority (CA) or an independent repository manager in the RPKI that can adversely affect the Internet Number Resources (INRs) associated with that CA or its subordinate CAs. The analysis is done from the perspective of an affected INR holder. The analysis is based on examination of the data items in the RPKI repository, as controlled by a CA (or an independent repository manager) and fetched by Relying Parties (RPs). The analysis does not purport to be comprehensive; it does represent an orderly way to analyze a number of ways that errors by or attacks against a CA or repository manager can affect the RPKI and routing decisions based on RPKI data. This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK] This document specifies an alternative to the certificate validation procedure specified in RFC 6487 that reduces aspects of operational fragility in the management of certificates in the Resource Public Key Infrastructure (RPKI), while retaining essential security features. The procedure specified in RFC 6487 requires that Resource Certificates are rejected entirely if they are found to overclaim any resources not contained on the issuing certificate, whereas the validation process defined here allows an issuing Certification Authority (CA) to chose to communicate that such Resource Certificates should be accepted for the intersection of their resources and the issuing certificate. It should be noted that the validation process defined here considers validation under a single trust anchor (TA) only. In particular, concerns regarding overclaims where multiple configured TAs claim overlapping resources are considered out of scope for this document. This choice is signaled by a set of alternative Object Identifiers (OIDs) per "X.509 Extensions for IP Addresses and AS Identifiers" (RFC 3779) and "Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)" (RFC 6484). It should be noted that in case these OIDs are not used for any certificate under a trust anchor, the validation procedure defined here has the same outcome as the procedure defined in RFC 6487. Furthermore, this document provides an alternative to Route Origin Authorization (ROA) (RFC 6482) and BGPsec Router Certificate (BGPsec PKI Profiles -- publication requested) validation. This document defines a standard profile for Route Origin Authorizations (ROAs). A ROA is a digitally signed object that provides a means of verifying that an IP address block holder has authorized an Autonomous System (AS) to originate routes to one or more prefixes within the address block. [STANDARDS-TRACK] This document defines a "manifest" for use in the Resource Public Key Infrastructure (RPKI). A manifest is a signed object (file) that contains a listing of all the signed objects (files) in the repository publication point (directory) associated with an authority responsible for publishing in the repository. For each certificate, Certificate Revocation List (CRL), or other type of signed objects issued by the authority that are published at this repository publication point, the manifest contains both the name of the file containing the object and a hash of the file content. Manifests are intended to enable a relying party (RP) to detect certain forms of attacks against a repository. Specifically, if an RP checks a manifest's contents against the signed objects retrieved from a repository publication point, then the RP can detect "stale" (valid) data and deletion of signed objects. [STANDARDS-TRACK] In the Resource Public Key Infrastructure (RPKI), resource certificates completely obscure names or any other information that might be useful for contacting responsible parties to deal with issues of certificate expiration, maintenance, roll-overs, compromises, etc. This document describes the RPKI Ghostbusters Record containing human contact information that may be verified (indirectly) by a Certification Authority (CA) certificate. The data in the record are those of a severely profiled vCard. [STANDARDS- TRACK] BSD Software Development RIPE NCC RIPE NCC OpenBSD This document specifies a Canonical Cache Representation (CCR) content type for use with the Resource Public Key Infrastructure (RPKI). CCR is a Distinguished Encoding Rules (DER) encoded data interchange format which can be used to represent various aspects of the state of a validated RPKI cache at a particular point in time. The CCR profile is a compact and versatile format, well-suited for a variety of applications, for example, audit trails, analytics pipelines, and validated payload dissemination. BSD Software Development Deutsche Telekom This document describes a format and data storage approach for materialization of RPKI data in order to support a range of use cases such as auditing Certification Authorities and analytical research. The rpkispool format can be used for high-latency replication of raw RPKI data and associated validation outcomes as efficiently compressed durable objects. The method uses widely available standardized tooling and is designed to support long-term preservation of RPKI data in a cost-effective way.