| < draft-ietf-sidr-res-certs-20.txt | draft-ietf-sidr-res-certs-21.txt > | |||
|---|---|---|---|---|
| SIDR G. Huston | SIDR G. Huston | |||
| Internet-Draft G. Michaelson | Internet-Draft G. Michaelson | |||
| Intended status: Standards Track R. Loomans | Intended status: Standards Track R. Loomans | |||
| Expires: May 12, 2011 APNIC | Expires: June 6, 2011 APNIC | |||
| November 8, 2010 | December 3, 2010 | |||
| A Profile for X.509 PKIX Resource Certificates | A Profile for X.509 PKIX Resource Certificates | |||
| draft-ietf-sidr-res-certs-20 | draft-ietf-sidr-res-certs-21 | |||
| Abstract | Abstract | |||
| This document defines a standard profile for X.509 certificates for | This document defines a standard profile for X.509 certificates for | |||
| the purposes of supporting validation of assertions of "right-of-use" | the purposes of supporting validation of assertions of "right-of-use" | |||
| of Resources (INRs). The certificates issued under this profile are | of Resources (INRs). The certificates issued under this profile are | |||
| used to convey the Issuer's authorisation of the Subject to be | used to convey the Issuer's authorisation of the Subject to be | |||
| regarded as the current holder of a "right-of-use" of the INRs that | regarded as the current holder of a "right-of-use" of the INRs that | |||
| are described in the certificate. This document contains the | are described in the certificate. This document contains the | |||
| normative specification of Certificate and Certificate Revocation | normative specification of Certificate and Certificate Revocation | |||
| skipping to change at page 1, line 41 ¶ | skipping to change at page 1, line 41 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 12, 2011. | This Internet-Draft will expire on June 6, 2011. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2010 IETF Trust and the persons identified as the | Copyright (c) 2010 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 15 ¶ | skipping to change at page 3, line 15 ¶ | |||
| 7.2. Resource Certification Path Validation . . . . . . . . . . 18 | 7.2. Resource Certification Path Validation . . . . . . . . . . 18 | |||
| 8. Design Notes . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 8. Design Notes . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | |||
| 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 23 | 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 12.1. Normative References . . . . . . . . . . . . . . . . . . . 23 | 12.1. Normative References . . . . . . . . . . . . . . . . . . . 23 | |||
| 12.2. Informative References . . . . . . . . . . . . . . . . . . 24 | 12.2. Informative References . . . . . . . . . . . . . . . . . . 24 | |||
| Appendix A. Example Resource Certificate . . . . . . . . . . . . 24 | Appendix A. Example Resource Certificate . . . . . . . . . . . . 24 | |||
| Appendix B. Example Certificate Revocation List . . . . . . . . . 27 | Appendix B. Example Certificate Revocation List . . . . . . . . . 27 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines a standard profile for X.509 certificates | This document defines a standard profile for X.509 certificates | |||
| [X.509] for use in the context of certification of Internet Number | [X.509] for use in the context of certification of Internet Number | |||
| Resources (INRs), i.e., IP Addresses and Autonomous System (AS) | Resources (INRs), i.e., IP Addresses and Autonomous System (AS) | |||
| Numbers. Such certificates are termed "Resource Certificates". A | Numbers. Such certificates are termed "Resource Certificates". A | |||
| Resource Certificate is a certificate that conforms to the PKIX | Resource Certificate is a certificate that conforms to the PKIX | |||
| profile [RFC5280], and that conforms to the constraints specified in | profile [RFC5280], and that conforms to the constraints specified in | |||
| this profile. A Resource Certificate attests that the Issuer has | this profile. A Resource Certificate attests that the Issuer has | |||
| skipping to change at page 27, line 21 ¶ | skipping to change at page 27, line 21 ¶ | |||
| Version: 2 | Version: 2 | |||
| Signature Algorithm: | Signature Algorithm: | |||
| Hash: SHA256, Encryption: RSA | Hash: SHA256, Encryption: RSA | |||
| Issuer: CN=Demo Production APNIC CA - Not for real use, | Issuer: CN=Demo Production APNIC CA - Not for real use, | |||
| E=ca@apnic.net | E=ca@apnic.net | |||
| This Update: Thu Jul 27 06:30:34 2006 GMT | This Update: Thu Jul 27 06:30:34 2006 GMT | |||
| Next Update: Fri Jul 28 06:30:34 2006 GMT | Next Update: Fri Jul 28 06:30:34 2006 GMT | |||
| Authority Key Identifier: Key Identifier: | Authority Key Identifier: Key Identifier: | |||
| ab:ae:88:ad:64:86:b8:11:3b:8e:ac:7c:3c:05: | ab:ae:88:ad:64:86:b8:11:3b:8e:ac:7c:3c:05: | |||
| 07:02:51:c2:a9:1c | 07:02:51:c2:a9:1c | |||
| Authority Key Identifier: Key Identifier g(AKI): | ||||
| q66IrWSGuBE7jqx8PAUHAlHCqRw | ||||
| CRLNumber: 4 | CRLNumber: 4 | |||
| Revoked Certificates: 1 | Revoked Certificates: 1 | |||
| Serial Number: 1 | Serial Number: 1 | |||
| Revocation Date: Mon Jul 17 05:10:19 2006 GMT | Revocation Date: Mon Jul 17 05:10:19 2006 GMT | |||
| Serial Number: 2 | Serial Number: 2 | |||
| Revocation Date: Mon Jul 17 05:12:25 2006 GMT | Revocation Date: Mon Jul 17 05:12:25 2006 GMT | |||
| Serial Number: 4 | Serial Number: 4 | |||
| Revocation Date: Mon Jul 17 05:40:39 2006 GMT | Revocation Date: Mon Jul 17 05:40:39 2006 GMT | |||
| Signature: | Signature: | |||
| b2:5a:e8:7c:bd:a8:00:0f:03:1a:17:fd:40:2c:46: | b2:5a:e8:7c:bd:a8:00:0f:03:1a:17:fd:40:2c:46: | |||
| End of changes. 5 change blocks. | ||||
| 7 lines changed or deleted | 5 lines changed or added | |||
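Review bot: In the Appendix B example CRL (change block at page 27, line 21), the unchanged context still reads "Revoked Certificates: 1" although three revoked entries follow it (serial numbers 1, 2 and 4). Since this revision already edits the example, correct the count or drop that line so the sample is self-consistent. The removed "Key Identifier g(AKI)" value q66IrWSGuBE7jqx8PAUHAlHCqRw is the unpadded base64url encoding of the same 20 bytes as the hex key identifier retained above it (ab:ae:88:ad ... a9:1c), so removing it loses no information. It would still help to confirm that no other text in the draft refers to the g(AKI) form of the example.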