--- 1/draft-ietf-sidr-publication-11.txt 2017-03-11 14:13:08.978797408 -0800 +++ 2/draft-ietf-sidr-publication-12.txt 2017-03-11 14:13:09.014798282 -0800 @@ -1,21 +1,21 @@ Network Working Group S. Weiler Internet-Draft W3C / MIT Intended status: Standards Track A. Sonalker -Expires: August 21, 2017 TowerSec +Expires: September 12, 2017 TowerSec R. Austein Dragon Research Labs - February 17, 2017 + March 11, 2017 A Publication Protocol for the Resource Public Key Infrastructure (RPKI) - draft-ietf-sidr-publication-11 + draft-ietf-sidr-publication-12 Abstract This document defines a protocol for publishing Resource Public Key Infrastructure (RPKI) objects. Even though the RPKI will have many participants issuing certificates and creating other objects, it is operationally useful to consolidate the publication of those objects. Even in cases where a certificate issuer runs their own publication repository, it can be useful to run the certificate engine itself on a different machine from the publication repository. This document 
@@ -29,21 +29,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on August 21, 2017. + This Internet-Draft will expire on September 12, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -195,21 +195,21 @@ "Business Public Key Infrastructure" ("Business PKI" or "BPKI") refers to a PKI, separate from the RPKI, used to authenticate clients to the publication engine. We use the term "Business PKI" here because an Internet registry might already have a PKI for authenticating its clients and might wish to reuse that PKI for this protocol. There is, however, no requirement to reuse such a PKI. 2. Protocol Specification The publication protocol uses XML ([XML]) messages wrapped in signed - CMS messages, carried over HTTP transport ([RFC2616]). The CMS + CMS messages, carried over HTTP transport ([RFC7230]). The CMS encapsulation is identical to that used in [RFC6492], section 3.1 and subsections. The publication protocol uses a simple request/response interaction. The client passes a request to the server, and the server generates a corresponding response. A message exchange commences with the client initiating an HTTP POST with content type of "application/rpki-publication", with the message object as the body. The server's response will similarly be the body 
@@ -272,21 +272,23 @@ tagging MAY use any syntactically legal value, including simply using the empty string for all tag fields. This document describes version 4 of this protocol. An implementation which understands only this version of the protocol MUST reject messages with a different protocol version attribute, signalling the error as described in Section 2.4. Since "4" is currently the only value allowed for the version attribute in the schema (Section 2.6), an incorrect protocol version can be detected either by checking the version attribute directly or as a schema - validation error. + validation error. Any future update to this protocol which is either + syntactically or semantically incompatible with the current version + will need to increment the protocol version number. 2.2. Publication and Withdrawal The publication protocol uses a common message format to request publication of any RPKI object. This format was chosen specifically to allow this protocol to accommodate new types of RPKI objects without needing changes to this protocol. Both the and PDUs have a payload of a tag and an rsync URI ([RFC3986], [RFC5781]). The query also 
@@ -798,60 +800,60 @@ 7.1. Normative References [RelaxNG] Clark, J., "RELAX NG Compact Syntax", OASIS , November 2002, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, BCP 14, March 1997. - [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., - Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext - Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. - [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", RFC 3986, STD 66, January 2005. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006. [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 5652, STD 70, September 2009. [RFC5781] Weiler, S., Ward, D., and R. Housley, "The rsync URI Scheme", RFC 5781, February 2010. [RFC6492] Huston, G., Loomans, R., Ellacott, B., and R. Austein, "A Protocol for Provisioning Resource Certificates", RFC 6492, February 2012. + [RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol + (HTTP/1.1): Message Syntax and Routing", RFC 7230, June + 2014. + [SHS] National Institute of Standards and Technology, "Secure Hash Standard", FIPS PUB 180-4, March 2012, . [XML] Cowan, J., "Extensible Markup Language (XML) 1.1", W3C CR CR-xml11-20021015, October 2002. 7.2. Informative References [I-D.ietf-sidr-delta-protocol] Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein, "RPKI Repository Delta Protocol", draft-ietf-sidr-delta- protocol-07 (work in progress), February 2017. [I-D.ietf-sidr-rpki-oob-setup] Austein, R., "An Out-Of-Band Setup Protocol For RPKI - Production Services", draft-ietf-sidr-rpki-oob-setup-06 - (work in progress), January 2017. + Production Services", draft-ietf-sidr-rpki-oob-setup-09 + (work in progress), February 2017. [RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support Secure Internet Routing", RFC 6480, February 2012. 
Authors' Addresses Samuel Weiler W3C / MIT Email: weiler@csail.mit.edu
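Review bot: in the Section 2 hunk (@@ -195,21 +195,21 @@), swapping [RFC2616] for [RFC7230] cites only the message syntax and routing part of HTTP/1.1, while the same paragraph also depends on the POST method and the "application/rpki-publication" content type, whose semantics (request methods, Content-Type) are defined in RFC 7231 rather than RFC 7230. Consider citing [RFC7231] alongside [RFC7230] here (and adding it to the normative references), or stating explicitly that only the transport framing of HTTP/1.1 is being invoked.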
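Review bot: in the Section 2.1 hunk (@@ -272,21 +272,23 @@), the added sentence "Any future update to this protocol which is either syntactically or semantically incompatible with the current version will need to increment the protocol version number." uses informal "will need to" in a paragraph that otherwise uses RFC 2119 language ("MUST reject"); "MUST increment" would be consistent. It would also help to note that, because the schema in Section 2.6 restricts the version attribute to "4", any such increment also requires a schema update, so the two detection paths described just above (direct attribute check and schema validation error) stay in agreement.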
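Review bot: in the references hunk (@@ -798,60 +800,60 @@), removing the [RFC2616] entry means every remaining [RFC2616] citation in the body would now dangle; only the Section 2 occurrence is updated in this patch, so please confirm no others remain. The new [RFC7230] entry is placed and formatted consistently with its neighbours. The I-D.ietf-sidr-rpki-oob-setup bump to -09 (February 2017) is a work-in-progress reference and should be re-checked against the current draft version at publication time.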