The IESG has approved the following document:

- 'Resource Public Key Infrastructure (RPKI) Manifest Number Handling'
  (draft-ietf-sidrops-manifest-numbers-08.txt) as Proposed Standard

This document is the product of the SIDR Operations Working Group.

The IESG contact persons are Mahesh Jethanandani and Mohamed Boucadair.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-manifest-numbers/

Technical Summary

The Resource Public Key Infrastructure (RPKI) makes use of signed objects called manifests. A manifest lists each file that an issuer intends to include within an RPKI repository, and can be used to detect certain forms of attack against a repository. Manifests include a "manifest number" (manifestNumber), which an issuer must increment whenever it issues a new manifest, and Relying Parties (RPs) are required to verify that a newly-retrieved manifest for a given Certification Authority (CA) has a higher manifestNumber than the previously-validated manifest. However, the manifestNumber field is 20 octets in length (i.e., bounded), and no behavior is specified for when a manifestNumber reaches the largest possible value. This document updates RFC 9286 by specifying issuer and RP behavior for this scenario.

Working Group Summary

No issue was raised against the specification during its development. Although the number of expressions of support during the WGLC was not large, there were no objections to moving this document forward.

Document Quality

Two independent implementations were disclosed:

- NLnet Labs, "Routinator", June 2024, <https://www.nlnetlabs.nl/projects/routing/routinator/>.
- OpenBSD Project, "rpki-client", January 2024, <https://www.rpki-client.org/>.

Personnel

The Document Shepherd for this document is Luigi Iannone. The Responsible Area Director is Mohamed Boucadair.
