{"draft":"draft-ietf-sidr-rpki-manifests-16","doc_id":"RFC6486","title":"Manifests for the Resource Public Key Infrastructure (RPKI)","authors":["R. Austein","G. Huston","S. Kent","M. Lepinski"],"format":["ASCII","HTML"],"page_count":"19","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Secure Inter-Domain Routing","abstract":"This document defines a \"manifest\" for use in the Resource Public Key\r\nInfrastructure (RPKI).  A manifest is a signed object (file) that\r\ncontains a listing of all the signed objects (files) in the\r\nrepository publication point (directory) associated with an authority\r\nresponsible for publishing in the repository.  For each certificate,\r\nCertificate Revocation List (CRL), or other type of signed objects\r\nissued by the authority that are published at this repository\r\npublication point, the manifest contains both the name of the file\r\ncontaining the object and a hash of the file content.  Manifests are\r\nintended to enable a relying party (RP) to detect certain forms of\r\nattacks against a repository.  Specifically, if an RP checks a\r\nmanifest's contents against the signed objects retrieved from a\r\nrepository publication point, then the RP can detect \"stale\" (valid)\r\ndata and deletion of signed objects.  [STANDARDS-TRACK]","pub_date":"February 2012","keywords":["[--------]"],"obsoletes":[],"obsoleted_by":["RFC9286"],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6486","errata_url":null}