Clarifications to BGP Origin Validation Based on Resource Public Key Infrastructure
RFC 8481, “Clarifications to BGP Origin Validation Based on Resource Public Key Infrastructure”, is a Proposed Standard document published in September 2018 by R. Bush. It updates RFC 6811. It has since been updated by RFC 9324. The canonical text is published by the RFC Editor.
Abstract
Deployment of BGP origin validation based on Resource Public Key Infrastructure (RPKI) is hampered by, among other things, vendor misimplementations in two critical areas: which routes are validated and whether policy is applied when not specified by configuration. This document is meant to clarify possible misunderstandings causing those misimplementations; it thus updates RFC 6811 by clarifying that all prefixes should have their validation state set and that policy must not be applied without operator configuration.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8481 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 8480 6TiSCH Operation Sublayer Protocol
- RFC 8479 Storing Validation Parameters in PKCS#8
- RFC 8483 Yeti DNS Testbed
- RFC 8478 Zstandard Compression and the application/zstd Media Type
- RFC 8484 DNS Queries over HTTPS
- RFC 8477 Report from the Internet of Things Semantic Interoperability Workshop 2016
- RFC 8485 Vectors of Trust
- RFC 8476 Signaling Maximum SID Depth Using OSPF