The Resource Public Key Infrastructure (rpki) to Router Protocol

In order to verifiably validate the origin Autonomous Systems of BGP announcements, routers need a simple but reliable mechanism to receive Resource Public Key Infrastructure (RFC 6480) prefix origin data from a trusted cache. This document describes a protocol to deliver validated prefix origin data to routers. [STANDARDS-TRACK]

[1]  Paul Vixie,et al.  A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) , 1996, RFC.

[2]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[3]  Tatu Ylönen,et al.  The Secure Shell (SSH) Authentication Protocol , 2006, RFC.

[4]  Roger G. Kermode,et al.  Author Guidelines for Reliable Multicast Transport (RMT) Building Blocks and Protocol Instantiation documents , 2002, RFC.

[5]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[6]  Steven M. Bellovin Key Change Strategies for TCP-MD5 , 2007 .

[7]  Jeff Hodges,et al.  Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) , 2011, RFC.

[8]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[9]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[10]  John G. Scudder,et al.  BGP Prefix Origin Validation , 2013, RFC.

[11]  Randy Bush,et al.  RPKI Router Implementation Report , 2012 .

[12]  Joseph D. Touch,et al.  The TCP Authentication Option , 2010, RFC.

[13]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[14]  Randy Bush,et al.  Serial Number Arithmetic , 1996, RFC.

[15]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.

[16]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[17]  Chris Lonvick,et al.  The Secure Shell (SSH) Protocol Assigned Numbers , 2006, RFC.

[18]  Geoff Huston,et al.  A Profile for Resource Certificate Repository Structure , 2012, RFC.

[19]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[20]  Andy Heffernan,et al.  Protection of BGP Sessions via the TCP MD5 Signature Option , 1998, RFC.

[21]  Eric Rescorla,et al.  Cryptographic Algorithms for the TCP Authentication Option (TCP-AO) , 2010, RFC.

[22]  Dave Ward,et al.  The rsync URI Scheme , 2010, RFC.

[23]  Thomas Narten,et al.  Guidelines for Writing an IANA Considerations Section in RFCs , 1998, RFC.