Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 7382

Template for a Certification Practice Statement (CPS) for the Resource PKI (RPKI)

Pages: 38
Best Current Practice: 173
BCP 173 is also:  6484
Part 2 of 2 – Pages 18 to 38
First   Prev   None

Top   ToC   RFC7382 - Page 18   prevText

4. Certificate Life Cycle Operational Requirements

4.1. Certificate Application

4.1.1. Who Can Submit a Certificate Application

Any subscriber in good standing who holds INRs distributed by <name of organization> may submit a certificate application to this CA. (The exact meaning of "in good standing" is in accordance with the policy of <name of organization>.)
Top   ToC   RFC7382 - Page 19

4.1.2. Enrollment Process and Responsibilities

<Describe your enrollment process for issuing certificates both for initial deployment of the PKI and as an ongoing process. Note that most of the certificates in this PKI are issued as part of your normal business practices, as an adjunct to INR distribution, and thus a separate application to request a certificate may not be necessary. If so, reference should be made to where these practices are documented.>

4.2. Certificate Application Processing

<Describe the certificate request/response processing that you will employ. You should make use of existing standards for certificate application processing (see [RFC6487]).>

4.2.1. Performing Identification and Authentication Functions

<Describe your practices for identification and authentication of certificate applicants. Often, existing practices employed by you to identify and authenticate organizations can be used as the basis for issuance of certificates to these subscribers. Reference can be made to documentation of such existing practices.>

4.2.2. Approval or Rejection of Certificate Applications

<Describe your practices for approval or rejection of applications, and refer to documentation of existing business practices relevant to this process. Note that according to the CP, certificate applications will be approved based on the normal business practices of the entity operating the CA, based on the CA's records of subscribers. The CP also says that each CA will follow the procedure specified in Section 3.2.1 to verify that the requester holds the private key corresponding to the public key that will be bound to the certificate the CA issues to the requester.>

4.2.3. Time to Process Certificate Applications

<Specify here your expected time frame for processing certificate applications.>

4.3. Certificate Issuance

4.3.1. CA Actions during Certificate Issuance

<Describe your procedures for issuance and publication of a certificate.>
Top   ToC   RFC7382 - Page 20

4.3.2. Notification to Subscriber by the CA of Issuance of Certificate

<Name of organization> will notify the subscriber when the certificate is published. <Describe here your procedures for notifying a subscriber when a certificate has been published.>

4.3.3. Notification of Certificate Issuance by the CA to Other Entities

<Describe here any other entities that will be notified when a certificate is published.>

4.4. Certificate Acceptance

4.4.1. Conduct Constituting Certificate Acceptance

When a certificate is issued, the <name of organization> CA will publish it to the repository and notify the subscriber. <This may be done without subscriber review and acceptance. State your policy with respect to subscriber certificate acceptance here.>

4.4.2. Publication of the Certificate by the CA

Certificates will be published at <insert repository URL here> once issued, following the conduct described in Section 4.4.1. This will be done within <specify the time frame within which the certificate will be placed in the repository and the subscriber will be notified>. <Describe any additional procedures with respect to publication of the certificate here.>

4.4.3. Notification of Certificate Issuance by the CA to Other Entities

<Describe here any other entities that will be notified when a certificate is published.>

4.5. Key Pair and Certificate Usage

A summary of the use model for the RPKI is provided below.

4.5.1. Subscriber Private Key and Certificate Usage

The certificates issued by <name of organization> to subordinate INR holders are CA certificates. The private key associated with each of these certificates is used to sign subordinate (CA or EE) certificates and CRLs.
Top   ToC   RFC7382 - Page 21

4.5.2. Relying Party Public Key and Certificate Usage

The primary relying parties in this PKI are organizations that use RPKI EE certificates to verify RPKI-signed objects. Relying parties are referred to Section 4.5.2 of [RFC6484] for additional guidance with respect to acts of reliance on RPKI certificates.

4.6. Certificate Renewal

4.6.1. Circumstance for Certificate Renewal

As per RFC 6484, a certificate will be processed for renewal based on its expiration date or a renewal request from the certificate Subject. The request may be implicit, a side effect of renewing a resource holding agreement, or explicit. If <name of organization> initiates the renewal process based on the certificate expiration date, then <name of organization> will notify the subscriber <insert the period of advance warning, e.g., "2 weeks in advance of the expiration date", or the general policy, e.g., "in conjunction with notification of service expiration">. The validity interval of the new (renewed) certificate will overlap that of the previous certificate by <insert length of overlap period, e.g., 1 week>, to ensure uninterrupted coverage. Certificate renewal will incorporate the same public key as the previous certificate, unless the private key has been reported as compromised (see Section 4.9.1). If a new key pair is being used, the stipulations of Section 4.7 will apply.

4.6.2. Who May Request Renewal

The subscriber or <name of organization> may initiate the renewal process. <For the case of the subscriber, describe the procedures that will be used to ensure that the requester is the legitimate holder of the INRs in the certificate being renewed. This MUST also include the method employed for verifying PoP of the private key corresponding to the public key in the certificate being renewed or the new public key if the public key is being changed. With respect to authentication of the subscriber, the procedures should be commensurate with those you already employ in the maintenance of INR distribution records. If you operate a BPKI for this, describe how that business-based PKI is used to authenticate renewal requests, and refer to Section 3.2.6.>
Top   ToC   RFC7382 - Page 22

4.6.3. Processing Certificate Renewal Requests

<Describe your procedures for handling certificate renewal requests. Describe how you verify that the requester is the subscriber or is authorized by the subscriber, and that the certificate in question has not been revoked.>

4.6.4. Notification of New Certificate Issuance to Subscriber

<Name of organization> will notify the subscriber when the certificate is published. <Describe your procedure for notification of new certificate issuance to the subscriber. This should be consistent with Section 4.3.2.>

4.6.5. Conduct Constituting Acceptance of a Renewal Certificate

See Section 4.4.1. <If you employ a different policy from that specified in Section 4.4.1, describe it here.>

4.6.6. Publication of the Renewal Certificate by the CA

See Section 4.4.2.

4.6.7. Notification of Certificate Issuance by the CA to Other Entities

See Section 4.4.3.

4.7. Certificate Re-key

4.7.1. Circumstance for Certificate Re-key

As per RFC 6484, re-key of a certificate will be performed only when required, based on: 1. knowledge or suspicion of compromise or loss of the associated private key, or 2. the expiration of the cryptographic lifetime of the associated key pair If a certificate is revoked to replace the RFC 3779 extensions, the replacement certificate will incorporate the same public key, not a new key. If the re-key is based on a suspected compromise, then the previous certificate will be revoked.
Top   ToC   RFC7382 - Page 23

4.7.2. Who May Request Certification of a New Public Key

Only the holder of a certificate may request a re-key. In addition, <name of organization> may initiate a re-key based on a verified compromise report. <If the subscriber (certificate Subject) requests the re-key, describe how authentication is effected, e.g., using the <name of registry> BPKI. Describe how a compromise report received from other than a subscriber is verified.>

4.7.3. Processing Certificate Re-keying Requests

<Describe your process for handling re-keying requests. As per the RPKI CP, this should be consistent with the process described in Section 4.3, so reference can be made to that section.>

4.7.4. Notification of New Certificate Issuance to Subscriber

<Describe your policy for notifying the subscriber regarding availability of the new re-keyed certificate. This should be consistent with the notification process for any new certificate issuance (see Section 4.3.2).>

4.7.5. Conduct Constituting Acceptance of a Re-keyed Certificate

When a re-keyed certificate is issued, the CA will publish it in the repository and notify the subscriber. See Section 4.4.1.

4.7.6. Publication of the Re-keyed Certificate by the CA

<Describe your policy regarding publication of the new certificate. This should be consistent with the publication process for any new certificate (see Section 4.4.2).>

4.7.7. Notification of Certificate Issuance by the CA to Other Entities

See Section 4.4.3.

4.8. Certificate Modification

4.8.1. Circumstance for Certificate Modification

As per RFC 6484, modification of a certificate occurs to implement changes to the RFC 3779 extension values or the SIA extension in a certificate. A subscriber can request a certificate modification when this information in a currently valid certificate has changed, as a result of changes in the INR holdings of the subscriber, or as a result of change of the repository publication point data.
Top   ToC   RFC7382 - Page 24
   If a subscriber is to receive a distribution of INRs in addition to a
   current distribution, and if the subscriber does not request that a
   new certificate be issued containing only these additional INRs, then
   this is accomplished through a certificate modification.  When a
   certificate modification is approved, a new certificate is issued.
   The new certificate will contain the same public key and the same
   expiration date as the original certificate, but with the incidental
   information corrected and/or the INR distribution expanded.  When
   previously distributed INRs are to be removed from a certificate,
   then the old certificate will be revoked and a new certificate
   (reflecting the new distribution) issued.

4.8.2. Who May Request Certificate Modification

The subscriber or <name of organization> may initiate the certificate modification process. <For the case of the subscriber, state here what steps will be taken to verify the identity and authorization of the entity requesting the modification.>

4.8.3. Processing Certificate Modification Requests

<Describe your procedures for verification of the modification request and procedures for the issuance of a new certificate. These should be consistent with the processes described in Sections 4.2 and 4.3.1.>

4.8.4. Notification of Modified Certificate Issuance to Subscriber

<Describe your procedure for notifying the subscriber about the issuance of a modified certificate. This should be consistent with the notification process for any new certificate (see Section 4.3.2).>

4.8.5. Conduct Constituting Acceptance of Modified Certificate

When a modified certificate is issued, <name of organization> will publish it to the repository and notify the subscriber. See Section 4.4.1.

4.8.6. Publication of the Modified Certificate by the CA

<Describe your procedure for publication of a modified certificate. This should be consistent with the publication process for any new certificate (see Section 4.4.2).>

4.8.7. Notification of Certificate Issuance by the CA to Other Entities

See Section 4.4.3.
Top   ToC   RFC7382 - Page 25

4.9. Certificate Revocation and Suspension

4.9.1. Circumstances for Revocation

As per RFC 6484, certificates can be revoked for several reasons. Either <name of organization> or the subject may choose to end the relationship expressed in the certificate, thus creating cause to revoke the certificate. If one or more of the INRs bound to the public key in the certificate are no longer associated with the subject, that too constitutes a basis for revocation. A certificate also may be revoked due to loss or compromise of the private key corresponding to the public key in the certificate. Finally, a certificate may be revoked in order to invalidate data signed by the private key associated with that certificate.

4.9.2. Who Can Request Revocation

The subscriber or <name of organization> may request a revocation. <For the case of the subscriber, describe what steps will be taken to verify the identity and authorization of the entity requesting the revocation.>

4.9.3. Procedure for Revocation Request

<Describe your process for handling a certificate revocation request. This should include: o Procedure to be used by the subscriber to request a revocation. o Procedure for notification of the subscriber when the revocation is initiated by <name of organization>.>

4.9.4. Revocation Request Grace Period

A subscriber is required to request revocation as soon as possible after the need for revocation has been identified.

4.9.5. Time within Which CA Must Process the Revocation Request

<Describe your policy on the time period within which you will process a revocation request.>

4.9.6. Revocation Checking Requirement for Relying Parties

As per RFC 6484, a relying party is responsible for acquiring and checking the most recent, scheduled CRL from the issuer of the certificate, whenever the relying party validates a certificate.
Top   ToC   RFC7382 - Page 26

4.9.7. CRL Issuance Frequency

<State the CRL issuance frequency for the CRLs that you publish.> Each CRL contains a nextUpdate value, and a new CRL will be published at or before that time. <Name of organization> will set the nextUpdate value when it issues a CRL, to signal when the next scheduled CRL will be issued.

4.9.8. Maximum Latency for CRLs

A CRL will be published to the repository system within <state the maximum latency> after generation.

4.10. Certificate Status Services

<Name of organization> does not support the Online Certificate Status Protocol (OCSP) or the Server-Based Certificate Validation Protocol (SCVP). <Name of organization> issues CRLs.

5. Facility, Management, and Operational Controls

5.1. Physical Controls

<As per RFC 6484, describe the physical controls that you employ for certificate management. These should be commensurate with those used in the management of INR distribution.>

5.1.1. Site Location and Construction

5.1.2. Physical Access

5.1.3. Power and Air Conditioning

5.1.4. Water Exposures

5.1.5. Fire Prevention and Protection

5.1.6. Media Storage

5.1.7. Waste Disposal

5.1.8. Off-Site Backup

Top   ToC   RFC7382 - Page 27

5.2. Procedural Controls

<As per RFC 6484, describe the procedural security controls that you employ for certificate management. These should be commensurate with those used in the management of INR distribution.>

5.2.1. Trusted Roles

5.2.2. Number of Persons Required per Task

5.2.3. Identification and Authentication for Each Role

5.2.4. Roles Requiring Separation of Duties

5.3. Personnel Controls

<As per RFC 6484, describe the personnel security controls that you employ for individuals associated with certificate management. These should be commensurate with those used in the management of INR distribution.>

5.3.1. Qualifications, Experience, and Clearance Requirements

5.3.2. Background Check Procedures

5.3.3. Training Requirements

5.3.4. Retraining Frequency and Requirements

5.3.5. Job Rotation Frequency and Sequence

5.3.6. Sanctions for Unauthorized Actions

5.3.7. Independent Contractor Requirements

5.3.8. Documentation Supplied to Personnel

Top   ToC   RFC7382 - Page 28

5.4. Audit Logging Procedures

<As per the CP, describe in the following sections the details of how you implement audit logging.>

5.4.1. Types of Events Recorded

Audit records will be generated for the basic operations of the Certification Authority computing equipment. Audit records will include the date, time, responsible user or process, and summary content data relating to the event. Auditable events include: o Access to CA computing equipment (e.g., logon, logout) o Messages received requesting CA actions (e.g., certificate requests, certificate revocation requests, compromise notifications) o Certificate creation, modification, revocation, or renewal actions o Posting of any material to a repository o Any attempts to change or delete audit data o Key generation o Software and/or configuration updates to the CA o Clock adjustments <List here any additional types of events that will be audited.>

5.4.2. Frequency of Processing Log

<Describe your procedures for review of audit logs.>

5.4.3. Retention Period for Audit Log

<Describe your policies for retention of audit logs.>

5.4.4. Protection of Audit Log

<Describe your policies for protection of the audit logs.>

5.4.5. Audit Log Backup Procedures

<Describe your policies for backup of the audit logs.>
Top   ToC   RFC7382 - Page 29

5.4.6. Audit Collection System (Internal vs. External) [OMITTED]

5.4.7. Notification to Event-Causing Subject [OMITTED]

5.4.8. Vulnerability Assessments

<Describe any vulnerability assessments that you will apply (or have already applied) to the PKI subsystems. This should include whether such assessments have taken place and any procedures or plans to perform or repeat/reassess vulnerabilities in the future.>

5.5. Records Archival [OMITTED]

5.6. Key Changeover

The <name of organization> CA certificate will contain a validity period that is at least as long as that of any certificate being issued under that certificate. When <name of organization> CA changes keys, it will follow the procedures described in [RFC6489].

5.7. Compromise and Disaster Recovery

<Describe your plans for dealing with CA key compromise and how you plan to continue/restore operation of your RPKI CA in the event of a disaster.>

5.8. CA or RA Termination

<Describe your policy for management of your CA's INR distributions in case of its own termination.>

6. Technical Security Controls

This section describes the security controls used by <name of organization>.

6.1. Key Pair Generation and Installation

6.1.1. Key Pair Generation

<Describe the procedures used to generate the CA key pair and, if applicable, key pairs for subscribers. In most instances, public-key pairs will be generated by the subscriber, i.e., the organization receiving the distribution of INRs. However, your procedures may include one for generating key pairs on behalf of your subscribers if they so request.>
Top   ToC   RFC7382 - Page 30

6.1.2. Private Key Delivery to Subscriber

<If the procedures in Section 6.1.1 include providing key pair generation services for subscribers, describe the means by which private keys are delivered to subscribers in a secure fashion. Otherwise, say this is not applicable.>

6.1.3. Public Key Delivery to Certificate Issuer

<Describe the procedures that will be used to deliver a subscriber's public keys to the <name of organization> RPKI CA. These procedures MUST ensure that the public key has not been altered during transit and that the subscriber possesses the private key corresponding to the transferred public key.> See RFC 6487 for details.

6.1.4. CA Public Key Delivery to Relying Parties

CA public keys for all entities (other than trust anchors) are contained in certificates issued by other CAs and will be published to the RPKI repository system. Relying parties will download these certificates from this system. Public key values and associated data for (putative) trust anchors will be distributed out of band and accepted by relying parties on the basis of locally defined criteria, e.g., embedded in path validation software that will be made available to the Internet community.

6.1.5. Key Sizes

The key sizes used in this PKI are as specified in [RFC6485].

6.1.6. Public Key Parameter Generation and Quality Checking

The public key algorithms and parameters used in this PKI are as specified in [RFC6485]. <If the procedures in Section 6.1.1 include subscriber key pair generation, EITHER insert here text specifying that the subscriber is responsible for performing checks on the quality of its key pair and saying that <name of organization> is not responsible for performing such checks for subscribers OR describe the procedures used by the CA for checking the quality of these subscriber key pairs.>

6.1.7. Key Usage Purposes (as per X.509 v3 Key Usage Field)

The KeyUsage extension bit values employed in RPKI certificates are specified in [RFC6487].
Top   ToC   RFC7382 - Page 31

6.2. Private Key Protection and Cryptographic Module Engineering Controls

6.2.1. Cryptographic Module Standards and Controls

<Describe the standards and controls employed for the CA cryptographic module, e.g., it was evaluated under FIPS 140-2/3, at level 2 or 3. See [FIPS] for details.>

6.2.2. Private Key (n out of m) Multi-Person Control

<If you choose to use multi-person controls to constrain access to your CA's private keys, then insert the following text. "There will be private key <insert here n> out of <insert here m> multi-person control.">

6.2.3. Private Key Escrow

<No private key escrow procedures are required for the RPKI, but if the CA chooses to employ escrow, state so here.>

6.2.4. Private Key Backup

<Describe the procedures used for backing up your CA's private key. The following aspects should be included. (1) The copying should be done under the same multi-party control as is used for controlling the original private key. (2) At least one copy should be kept at an off-site location for disaster recovery purposes.>

6.2.5. Private Key Archival

See Sections 6.2.3 and 6.2.4.

6.2.6. Private Key Transfer into or from a Cryptographic Module

The private key for the <name of organization> production CA <if appropriate, change "production CA" to "production and offline CAs"> will be generated by the cryptographic module specified in Section 6.2.1. The private keys will never leave the module except in encrypted form for backup and/or transfer to a new module.

6.2.7. Private Key Storage on Cryptographic Module

The private key for the <name of organization> production CA <if appropriate, change "production CA" to "production and offline CAs"> will be stored in the cryptographic module. It will be protected from unauthorized use <say how here>.
Top   ToC   RFC7382 - Page 32

6.2.8. Method of Activating Private Key

<Describe the mechanisms and data used to activate your CA's private key.>

6.2.9. Method of Deactivating Private Key

<Describe the process and procedure for private key deactivation here.>

6.2.10. Method of Destroying Private Key

<Describe the method used for destroying your CA's private key, e.g., when it is superseded. This will depend on the particular module.>

6.2.11. Cryptographic Module Rating

<Describe the rating of the cryptographic module used by the CA, if applicable.>

6.3. Other Aspects of Key Pair Management

6.3.1. Public Key Archival

<Because this PKI does not support non-repudiation, there is no need to archive public keys. If keys are not archived, say so. If they are, describe the archive processes and procedures.>

6.3.2. Certificate Operational Periods and Key Pair Usage Periods

The <name of organization> CA's key pair will have a validity interval of <insert number of years>. <These key pairs and certificates should have reasonably long validity intervals, e.g., 10 years, to minimize the disruption caused by key changeover. Note that the CA's key lifetime is under the control of its issuer, so the CPS MUST reflect the key lifetime imposed by the issuer.>

6.4. Activation Data

6.4.1. Activation Data Generation and Installation

<Describe how activation data for your CA will be generated.>

6.4.2. Activation Data Protection

Activation data for the CA private key will be protected by <describe your procedures here>.
Top   ToC   RFC7382 - Page 33

6.4.3. Other Aspects of Activation Data

<Add here any details you wish to provide with regard to the activation data for your CA. If there are none, say "None".>

6.5. Computer Security Controls

<Describe your security requirements for the computers used to support this PKI, e.g., requirements for authenticated logins, audit capabilities, etc. These requirements should be commensurate with those used for the computers used for managing distribution of INRs.>

6.6. Life Cycle Technical Controls

6.6.1. System Development Controls

<Describe any system development controls that apply to the PKI systems, e.g., use of Trusted System Development Methodology (TSDM).>

6.6.2. Security Management Controls

<Describe the security management controls that will be used for the RPKI software and equipment employed by the CA. These security measures should be commensurate with those used for the systems used by the CAs for managing and distributing INRs.>

6.6.3. Life Cycle Security Controls

<Describe how the equipment (hardware and software) used for RPKI functions will be procured, installed, maintained, and updated. This should be done in a fashion commensurate with the way in which equipment for the management and distribution of INRs is handled.>

6.7. Network Security Controls

<Describe the network security controls that will be used for CA operation. These should be commensurate with the network security controls employed for the computers used for managing distribution of INRs.>

6.8. Time-Stamping

The RPKI does not make use of time-stamping.

7. Certificate and CRL Profiles

See [RFC6487].
Top   ToC   RFC7382 - Page 34

8. Compliance Audit and Other Assessments

<List here any audit and other assessments used to ensure the security of the administration of INRs. These are sufficient for the RPKI systems. However, additional forms of security assessments are a good idea and should be listed if performed.>

9. Other Business and Legal Matters

<The sections below are optional. Fill them in as appropriate for your organization. The CP says that CAs should cover Sections 9.1 to 9.11 and 9.13 to 9.16, although not every CA will choose to do so. Note that the manner in which you manage your business and legal matters for this PKI should be commensurate with the way in which you manage business and legal matters for the distribution of INRs.>

9.1. Fees

9.1.1. Certificate Issuance or Renewal Fees

9.1.2. Certificate Access Fees [OMITTED]

9.1.3. Revocation or Status Information Access Fees [OMITTED]

9.1.4. Fees for Other Services (if Applicable)

9.1.5. Refund Policy

9.2. Financial Responsibility

9.2.1. Insurance Coverage

9.2.2. Other Assets

9.2.3. Insurance or Warranty Coverage for End-Entities

9.3. Confidentiality of Business Information

9.3.1. Scope of Confidential Information

9.3.2. Information Not within the Scope of Confidential Information

9.3.3. Responsibility to Protect Confidential Information

9.4. Privacy of Personal Information

9.4.1. Privacy Plan

Top   ToC   RFC7382 - Page 36

9.15. Compliance with Applicable Law

9.16. Miscellaneous Provisions

9.16.1. Entire Agreement

9.16.2. Assignment

9.16.3. Severability

9.16.4. Enforcement (Attorneys' Fees and Waiver of Rights)

9.16.5. Force Majeure

<END TEMPLATE TEXT>

10. Security Considerations

The degree to which a relying party can trust the binding embodied in a certificate depends on several factors. These factors can include o the practices followed by the Certification Authority (CA) in authenticating the subject o the CA's operating policy, procedures, and technical security controls, including the scope of the subscriber's responsibilities (for example, in protecting the private key) o the stated responsibilities and liability terms and conditions of the CA (for example, warranties, disclaimers of warranties, and limitations of liability) This document provides a framework to address the technical, procedural, personnel, and physical security aspects of Certification Authorities, Registration Authorities, repositories, subscribers, and relying party cryptographic modules, in order to ensure that the certificate generation, publication, renewal, re-key, usage, and revocation are done in a secure manner. Specifically, the following sections are oriented towards ensuring the secure operation of the PKI entities such as CA, RA, repository, subscriber systems, and relying party systems: Section 3 ("Identification and Authentication" (I&A)) Section 4 ("Certificate Life Cycle Operational Requirements") Section 5 ("Facility, Management, and Operational Controls") Section 6 ("Technical Security Controls") Section 7 ("Certificate and CRL Profiles") Section 8 ("Compliance Audit and Other Assessments")
Top   ToC   RFC7382 - Page 37

11. References

11.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>. [RFC6484] Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)", BCP 173, RFC 6484, February 2012, <http://www.rfc-editor.org/info/rfc6484>. [RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)", RFC 6485, February 2012, <http://www.rfc-editor.org/ info/rfc6485>. [RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for X.509 PKIX Resource Certificates", RFC 6487, February 2012, <http://www.rfc-editor.org/info/rfc6487>.

11.2. Informative References

[FIPS] Federal Information Processing Standards Publication 140-3 (FIPS-140-3), "Security Requirements for Cryptographic Modules", Information Technology Laboratory, National Institute of Standards and Technology, Work in Progress. [RFC3647] Chokhani, S., Ford, W., Sabett, R., Merrill, C., and S. Wu, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework", RFC 3647, November 2003, <http://www.rfc-editor.org/info/rfc3647>. [RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support Secure Internet Routing", RFC 6480, February 2012, <http://www.rfc-editor.org/info/rfc6480>. [RFC6481] Huston, G., Loomans, R., and G. Michaelson, "A Profile for Resource Certificate Repository Structure", RFC 6481, February 2012, <http://www.rfc-editor.org/info/rfc6481>. [RFC6482] Lepinski, M., Kent, S., and D. Kong, "A Profile for Route Origin Authorizations (ROAs)", RFC 6482, February 2012, <http://www.rfc-editor.org/info/rfc6482>.
Top   ToC   RFC7382 - Page 38
   [RFC6486]  Austein, R., Huston, G., Kent, S., and M. Lepinski,
              "Manifests for the Resource Public Key Infrastructure
              (RPKI)", RFC 6486, February 2012,
              <http://www.rfc-editor.org/info/rfc6486>.

   [RFC6489]  Huston, G., Michaelson, G., and S. Kent, "Certification
              Authority (CA) Key Rollover in the Resource Public Key
              Infrastructure (RPKI)", BCP 174, RFC 6489, February 2012,
              <http://www.rfc-editor.org/info/rfc6489>.

Acknowledgments

The authors would like to thank Matt Lepinski for help with the formatting, Ron Watro for assistance with the editing, and other members of the SIDR working group for reviewing this document.

Authors' Addresses

Stephen Kent BBN Technologies 10 Moulton Street Cambridge, MA 02138 United States Phone: +1 (617) 873-3988 EMail: skent@bbn.com Derrick Kong BBN Technologies 10 Moulton Street Cambridge, MA 02138 United States Phone: +1 (617) 873-1951 EMail: dkong@bbn.com Karen Seo BBN Technologies 10 Moulton Street Cambridge, MA 02138 United States Phone: +1 (617) 873-3152 EMail: kseo@bbn.com