{"draft":"draft-ietf-sidrops-https-tal-08","doc_id":"RFC8630","title":"Resource Public Key Infrastructure (RPKI) Trust Anchor Locator","authors":["G. Huston","S. Weiler","G. Michaelson","S. Kent","T. Bruijnzeels"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"SIDR Operations","abstract":"This document defines a Trust Anchor Locator (TAL) for the Resource\r\nPublic Key Infrastructure (RPKI).  The TAL allows Relying Parties in\r\nthe RPKI to download the current Trust Anchor (TA) Certification\r\nAuthority (CA) certificate from one or more locations and verify that\r\nthe key of this self-signed certificate matches the key on the TAL.\r\nThus, Relying Parties can be configured with TA keys but can allow\r\nthese TAs to change the content of their CA certificate.  In\r\nparticular, it allows TAs to change the set of IP Address Delegations\r\nand\/or Autonomous System Identifier Delegations included in the\r\nextension(s) (RFC 3779) of their certificate.\r\n\r\nThis document obsoletes the previous definition of the TAL as\r\nprovided in RFC 7730 by adding support for Uniform Resource\r\nIdentifiers (URIs) (RFC 3986) that use HTTP over TLS (HTTPS) (RFC\r\n7230) as the scheme.","pub_date":"August 2019","keywords":[],"obsoletes":["RFC7730"],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8630","errata_url":null}