The IESG has received a request from the SIDR Operations WG (sidrops) to consider the following document:

- 'Resource Public Key Infrastructure (RPKI) Manifest Number Handling' <draft-ietf-sidrops-manifest-numbers-07.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2025-08-06. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting.

Abstract

The Resource Public Key Infrastructure (RPKI) makes use of signed objects called manifests. A manifest lists each file that an issuer intends to include within an RPKI repository, and can be used to detect certain forms of attack against a repository. Manifests include a "manifest number" (manifestNumber), which an issuer must increment whenever it issues a new manifest, and Relying Parties (RPs) are required to verify that a newly-retrieved manifest for a given Certification Authority (CA) has a higher manifestNumber than the previously-validated manifest. However, the manifestNumber field is 20 octets in length (i.e. bounded), and no behaviour is specified for when a manifestNumber reaches the largest possible value. This document updates RFC9286 by specifying issuer and RP behaviour for this scenario.

The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-sidrops-manifest-numbers/

No IPR declarations have been submitted directly on this I-D.
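As an added illustration (not part of the announcement and not code from the draft), the Relying Party check the abstract describes can be written as follows in Python. It assumes the 20 octets are DER INTEGER content octets, so the largest non-negative value is 2^159 - 1; the function names and result strings are hypothetical, and what happens after the largest value is reached is left to the draft.

```python
from typing import Optional

MAX_OCTETS = 20  # manifestNumber length bound stated in the abstract
# Assumption: the 20 octets are DER INTEGER content octets (two's complement),
# so the largest non-negative value that fits is 2**159 - 1.
MAX_MANIFEST_NUMBER = 2 ** (8 * MAX_OCTETS - 1) - 1


def decode_manifest_number(content: bytes) -> int:
    """Decode DER INTEGER content octets into a bounded, non-negative number."""
    if not content:
        raise ValueError("empty INTEGER")
    if len(content) > MAX_OCTETS:
        raise ValueError("manifestNumber longer than 20 octets")
    if content[0] & 0x80:
        raise ValueError("negative manifestNumber")
    # DER is a minimal encoding: a leading 0x00 is allowed only when the
    # next octet has its top bit set.
    if len(content) > 1 and content[0] == 0x00 and not content[1] & 0x80:
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(content, "big")


def check_manifest(previous: Optional[int], content: bytes) -> str:
    """Classify a newly retrieved manifest against the last validated one."""
    try:
        new = decode_manifest_number(content)
    except ValueError as exc:
        return f"reject: {exc}"
    if previous is not None and new <= previous:
        # Equal or lower number: a replayed or rolled-back manifest.
        return "reject: manifestNumber not higher than previous"
    if new == MAX_MANIFEST_NUMBER:
        # Valid now, but no higher value can be encoded afterwards.
        return "accept: number space exhausted"
    return "accept"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real repository.
    largest = b"\x7f" + b"\xff" * 19
    for prev, octets in [(None, b"\x01"), (5, b"\x05"), (5, largest),
                         (MAX_MANIFEST_NUMBER, largest)]:
        print(prev, octets.hex(), "->", check_manifest(prev, octets))
```
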
