Certification Authority Key Rollover in the Resource Public Key Infrastructure
RFC 6489, “Certification Authority Key Rollover in the Resource Public Key Infrastructure”, is a Best Current Practice document published in February 2012 by G. Huston, G. Michaelson, and S. Kent. The canonical text is published by the RFC Editor.
Abstract
This document describes how a Certification Authority (CA) in the Resource Public Key Infrastructure (RPKI) performs a planned rollover of its key pair. This document also notes the implications of this key rollover procedure for relying parties (RPs). In general, RPs are expected to maintain a local cache of the objects that have been published in the RPKI repository, and thus the way in which a CA performs key rollover impacts RPs. This memo documents an Internet Best Current Practice.
What “Best Current Practice” means
Documents the IETF community's recommended operational or procedural practice rather than a protocol specification.
The canonical text of RFC 6489 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 6488 Signed Object Template for the Resource Public Key Infrastructure
- RFC 6490 Resource Public Key Infrastructure Trust Anchor Locator
- RFC 6487 A Profile for X.509 PKIX Resource Certificates
- RFC 6491 Resource Public Key Infrastructure Objects Issued by IANA
- RFC 6486 Manifests for the Resource Public Key Infrastructure
- RFC 6492 A Protocol for Provisioning Resource Certificates
- RFC 6485 The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure
- RFC 6493 The Resource Public Key Infrastructure Ghostbusters Record