{"draft":"draft-ietf-sidrops-cms-signing-time-07","doc_id":"RFC9589","title":"On the Use of the Cryptographic Message Syntax (CMS) Signing-Time Attribute in Resource Public Key Infrastructure (RPKI) Signed Objects","authors":["J. Snijders","T. Harrison"],"format":["HTML","TEXT","PDF","XML"],"page_count":"9","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"SIDR Operations","abstract":"In the Resource Public Key Infrastructure (RPKI), Signed Objects are\r\ndefined as Cryptographic Message Syntax (CMS) protected content\r\ntypes. A Signed Object contains a signing-time attribute,\r\nrepresenting the purported time at which the object was signed by its\r\nissuer. RPKI repositories are accessible using the rsync and RPKI\r\nRepository Delta protocols, allowing Relying Parties (RPs) to\r\nsynchronize a local copy of the RPKI repository used for validation\r\nwith the remote repositories. This document describes how the CMS\r\nsigning-time attribute can be used to avoid needless retransfers of\r\ndata when switching between different synchronization protocols. This\r\ndocument updates RFC 6488 by mandating the presence of the CMS\r\nsigning-time attribute and disallowing the use of the\r\nbinary-signing-time attribute.","pub_date":"May 2024","keywords":["CMS","signing-time"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC6488"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9589","errata_url":null}