draft-ietf-sidrops-rpki-crl-numbers-04.txt   draft-ietf-sidrops-rpki-crl-numbers-05.txt 
SIDROPS J. Snijders SIDROPS J. Snijders
Internet-Draft Internet-Draft
Updates: 6487 (if approved) B. Maddison Updates: 6487 (if approved) B. Maddison
Intended status: Standards Track Workonline Intended status: Standards Track Workonline
Expires: 26 September 2025 T. Buehler Expires: 23 November 2025 T. Buehler
OpenBSD OpenBSD
25 March 2025 22 May 2025
Handling of Resource Public Key Infrastructure (RPKI) Certificate Handling of Resource Public Key Infrastructure (RPKI) Certificate
Revocation List (CRL) Number Extensions Revocation List (CRL) Number Extensions
draft-ietf-sidrops-rpki-crl-numbers-04 draft-ietf-sidrops-rpki-crl-numbers-05
Abstract Abstract
This document revises how the Resource Public Key Infrastructure This document revises how the Resource Public Key Infrastructure
(RPKI) handles Certificate Revocation List (CRL) Number extensions. (RPKI) handles Certificate Revocation List (CRL) Number extensions.
This document updates RFC 6487. This document updates RFC 6487.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 26 September 2025. This Internet-Draft will expire on 23 November 2025.
Copyright Notice Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 6, line 7 skipping to change at page 6, line 7
This document has no additional operational considerations compared This document has no additional operational considerations compared
to Section 9 of [RFC6487]. to Section 9 of [RFC6487].
5. Security Considerations 5. Security Considerations
The Security Considerations of [RFC3779], [RFC5280], and [RFC6487] The Security Considerations of [RFC3779], [RFC5280], and [RFC6487]
apply to Resource Certificates and CRLs. apply to Resource Certificates and CRLs.
This document explicates that, in the RPKI, the CRL listed on the This document explicates that, in the RPKI, the CRL listed on the
certificate issuer's current Manifest is the one relevant and certificate issuer's current Manifest is the one relevant and
appropriate for determinining the revocation status of a resouce appropriate for determining the revocation status of a resource
certificate. By way of the hash in the manifest's FileList this certificate. By way of the hash in the manifest's FileList this
provides a cryptographic guarantee on the Certification Authority's provides a cryptographic guarantee on the Certification Authority's
intent that this is the most recent CRL and removes possible replay intent that this is the most recent CRL and removes possible replay
vectors. vectors.
6. IANA Considerations 6. IANA Considerations
This document has no IANA actions. This document has no IANA actions.
7. References 7. References
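Review bot: In the second paragraph of Section 5, the corrected sentence still mixes capitalization. It has "Manifest" and then "manifest's FileList" within the same paragraph, and "resource certificate" here against "Resource Certificates" in the paragraph above. Since this revision already fixes the spelling of "determining" and "resource", settle on one form for each term in the same pass. A comma after "FileList" would also make the following sentence easier to parse.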
skipping to change at page 8, line 8 skipping to change at page 8, line 8
* OpenBSD [rpki-client] * OpenBSD [rpki-client]
* [FORT] * [FORT]
* [routinator] * [routinator]
Acknowledgements Acknowledgements
The authors wish to thank Tom Harrison whose observations prompted The authors wish to thank Tom Harrison whose observations prompted
this document, Alberto Leiva, Tim Bruijnzeels, Mohamed Boucadair, and this document, Alberto Leiva, Tim Bruijnzeels, Mohamed Boucadair,
Geoff Huston for valuable feedback. Geoff Huston, and the IESG for their valuable comments and feedback.
Authors' Addresses Authors' Addresses
Job Snijders Job Snijders
Amsterdam Amsterdam
The Netherlands The Netherlands
Email: job@sobornost.net Email: job@sobornost.net
Ben Maddison Ben Maddison
Workonline Workonline
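Review bot: In the Acknowledgements, the new closing "Geoff Huston, and the IESG for their valuable comments and feedback" reads as if it applies to every name in the list, including Tom Harrison, who is already credited separately for the observations that prompted the document. Consider splitting this into two sentences, one thanking Tom Harrison and one thanking the reviewers, and add a comma after "Tom Harrison" to set off the clause "whose observations prompted this document".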
 End of changes. 6 change blocks. 
7 lines changed or deleted 7 lines changed or added

This html diff was produced by rfcdiff 1.49. The latest version is available from https://github.com/ietf-tools/rfcdiff