Search RFCs
RFC 8209
A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests,September 2017
- File formats:
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 6487
- Authors:
- M. Reynolds
S. Turner
S. Kent - Stream:
- IETF
- Source:
- sidr (rtg)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC8209
Discuss this RFC: Send questions or comments to the mailing listsidr@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 8209
Abstract
This document defines a standard profile for X.509 certificates usedto enable validation of Autonomous System (AS) paths in the BorderGateway Protocol (BGP), as part of an extension to that protocolknown as BGPsec. BGP is the standard for inter-domain routing in theInternet; it is the "glue" that holds the Internet together. BGPsecis being developed as one component of a solution that addresses therequirement to provide security for BGP. The goal of BGPsec is toprovide full AS path validation based on the use of strongcryptographic primitives. The end entity (EE) certificates specifiedby this profile are issued to routers within an AS. Each of thesecertificates is issued under a Resource Public Key Infrastructure(RPKI) Certification Authority (CA) certificate. These CAcertificates and EE certificates both contain the AS Resource extension.An EE certificate of this type asserts thatthe router or routers holding the corresponding private key areauthorized to emit secure route advertisements on behalf of theAS(es) specified in the certificate. This document also profiles theformat of certification requests and specifies Relying Party (RP)certificate path validation procedures for these EE certificates.This document extends the RPKI; therefore, this document updates theRPKI Resource Certificates Profile (RFC 6487).
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.