{"draft":"draft-ietf-sidr-bgpsec-pki-profiles-21","doc_id":"RFC8209","title":"A Profile for BGPsec Router Certificates, Certificate Revocation Lists, and Certification Requests","authors":["M. Reynolds","S. Turner","S. Kent"],"format":["ASCII","HTML"],"page_count":"15","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Secure Inter-Domain Routing","abstract":"This document defines a standard profile for X.509 certificates used\r\nto enable validation of Autonomous System (AS) paths in the Border\r\nGateway Protocol (BGP), as part of an extension to that protocol\r\nknown as BGPsec.  BGP is the standard for inter-domain routing in the\r\nInternet; it is the \"glue\" that holds the Internet together.  BGPsec\r\nis being developed as one component of a solution that addresses the\r\nrequirement to provide security for BGP.  The goal of BGPsec is to\r\nprovide full AS path validation based on the use of strong\r\ncryptographic primitives.  The end entity (EE) certificates specified\r\nby this profile are issued to routers within an AS.  Each of these\r\ncertificates is issued under a Resource Public Key Infrastructure\r\n(RPKI) Certification Authority (CA) certificate.  These CA\r\ncertificates and EE certificates both contain the AS Resource extension.\r\nAn EE certificate of this type asserts that\r\nthe router or routers holding the corresponding private key are\r\nauthorized to emit secure route advertisements on behalf of the\r\nAS(es) specified in the certificate.  This document also profiles the\r\nformat of certification requests and specifies Relying Party (RP)\r\ncertificate path validation procedures for these EE certificates.\r\nThis document extends the RPKI; therefore, this document updates the\r\nRPKI Resource Certificates Profile (RFC 6487).","pub_date":"September 2017","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":["RFC6487"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8209","errata_url":null}