< draft-ietf-sidr-algorithm-agility-07.txt   draft-ietf-sidr-algorithm-agility-08.txt >
Network Working Group R. Gagliano Network Working Group R. Gagliano
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Standards Track S. Kent Intended status: Standards Track S. Kent
Expires: March 27, 2013 BBN Technologies Expires: April 22, 2013 BBN Technologies
S. Turner S. Turner
IECA, Inc. IECA, Inc.
September 23, 2012 October 19, 2012
Algorithm Agility Procedure for RPKI. Algorithm Agility Procedure for RPKI.
draft-ietf-sidr-algorithm-agility-07 draft-ietf-sidr-algorithm-agility-08
Abstract Abstract
This document specifies the process that Certification Authorities This document specifies the process that Certification Authorities
(CAs) and Relying Parties (RPs) participating in the Resource Public (CAs) and Relying Parties (RPs) participating in the Resource Public
Key Infrastructure (RPKI) will need to follow to transition to a new Key Infrastructure (RPKI) will need to follow to transition to a new
(and probably cryptographically stronger) algorithm set. The process (and probably cryptographically stronger) algorithm set. The process
is expected to be completed in a time scale of months or years. is expected to be completed in a time scale of months or years.
Consequently, no emergency transition is specified. The transition Consequently, no emergency transition is specified. The transition
procedure defined in this document supports only a top-down migration procedure defined in this document supports only a top-down migration
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 27, 2013. This Internet-Draft will expire on April 22, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 22, line 34 skipping to change at page 22, line 34
the deprecated Algorithm Suite. the deprecated Algorithm Suite.
5. Each CA SHOULD remove all CA certificates that it has issued 5. Each CA SHOULD remove all CA certificates that it has issued
under the deprecated Algorithm Suite. under the deprecated Algorithm Suite.
6. Each CA that publishes a TAL under the deprecated Algorithm Suite 6. Each CA that publishes a TAL under the deprecated Algorithm Suite
MUST removed it from the TAL's publication point. MUST removed it from the TAL's publication point.
7. Each CA SHOULD continue to maintain the publication point for the 7. Each CA SHOULD continue to maintain the publication point for the
deprecated Algorithm Suite, maintained at least until the CRL deprecated Algorithm Suite, maintained at least until the CRL
nextUpdate. This publication point MUST contain only he CRL and nextUpdate. This publication point MUST contain only the CRL and
a Manifest for that publication point. This behavior provides a a Manifest for that publication point. This behavior provides a
window in which RPs may be able to become aware of the revoked window in which RPs may be able to become aware of the revoked
status of the signed products that have been deleted. status of the signed products that have been deleted.
8. Each RP MUST remove any TALs that is has published under the 8. Each RP MUST remove any TALs that is has published under the
deprecated Algorithm Suite. deprecated Algorithm Suite.
CAs in the RPKI hierarchy may become aware of the deprecation of the CAs in the RPKI hierarchy may become aware of the deprecation of the
algorithm suite at different times, and may execute the procedure algorithm suite at different times, and may execute the procedure
above in an asynchronous fashion relative to one another. Thus, for above in an asynchronous fashion relative to one another. Thus, for
skipping to change at page 27, line 34 skipping to change at page 27, line 34
(RPKI)", BCP 173, RFC 6484, February 2012. (RPKI)", BCP 173, RFC 6484, February 2012.
[RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for [RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for
Use in the Resource Public Key Infrastructure (RPKI)", Use in the Resource Public Key Infrastructure (RPKI)",
RFC 6485, February 2012. RFC 6485, February 2012.
[RFC6489] Huston, G., Michaelson, G., and S. Kent, "Certification [RFC6489] Huston, G., Michaelson, G., and S. Kent, "Certification
Authority (CA) Key Rollover in the Resource Public Key Authority (CA) Key Rollover in the Resource Public Key
Infrastructure (RPKI)", BCP 174, RFC 6489, February 2012. Infrastructure (RPKI)", BCP 174, RFC 6489, February 2012.
[RFC6490] "". [RFC6490] Huston, G., Weiler, S., Michaelson, G., and S. Kent,
"Resource Public Key Infrastructure (RPKI) Trust Anchor
Locator", RFC 6490, February 2012.
[RFC6492] Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A [RFC6492] Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A
Protocol for Provisioning Resource Certificates", Protocol for Provisioning Resource Certificates",
RFC 6492, February 2012. RFC 6492, February 2012.
[RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI)
Ghostbusters Record", RFC 6493, February 2012.
Appendix A. Change Log Appendix A. Change Log
Note to the RFC Editor: Please remove this section before Note to the RFC Editor: Please remove this section before
publication. publication.
From 07 to 06
1. Typo in Section 10
2. Correct reference for RFC6493
From 06 to 07: From 06 to 07:
1. Added definition for "Correspond" 1. Added definition for "Correspond"
2. Added reference of correspondence between suites in phase 2 and 3 2. Added reference of correspondence between suites in phase 2 and 3
3. Small nit on the revocation definition. 3. Small nit on the revocation definition.
From 05 to 06: From 05 to 06:
 End of changes. 8 change blocks. 
6 lines changed or deleted 17 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/