BGPsec Router Certificate Rollover
RFC 8634, “BGPsec Router Certificate Rollover”, is a Best Current Practice document published in August 2019 by B. Weis, R. Gagliano, K. Patel. The canonical text is published by the RFC Editor.
Abstract
Certification Authorities (CAs) within the Resource Public Key Infrastructure (RPKI) manage BGPsec router certificates as well as RPKI certificates. The rollover of BGPsec router certificates must be carefully performed in order to synchronize the distribution of router public keys with BGPsec UPDATE messages verified with those router public keys. This document describes a safe rollover process, and it discusses when and why the rollover of BGPsec router certificates is necessary. When this rollover process is followed, the rollover will be performed without routing information being lost.
What “Best Current Practice” means
Documents the IETF community's recommended operational or procedural practice rather than a protocol specification.
The canonical text of RFC 8634 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 8633 Network Time Protocol Best Current Practices
- RFC 8635 Router Keying for BGPsec
- RFC 8632 A YANG Data Model for Alarm Management
- RFC 8636 Public Key Cryptography for Initial Authentication in Kerberos Algorithm Agility
- RFC 8631 Link Relation Types for Web Services
- RFC 8637 Applicability of the Path Computation Element to the Abstraction and Control of TE Networks
- RFC 8630 Resource Public Key Infrastructure Trust Anchor Locator
- RFC 8638 IPv4 Multicast over an IPv6 Multicast in Softwire Mesh Networks