…es that define extensions to X.509 to represent IP addresses and AS identifiers [RFC3779], thus the name RPKI. Route Origin Authorizations (ROAs) [RFC6482] are separate digitally signed objects that define associations between ASes and IP address blocks. Finally, the repository s…
…"inherit" attribute, rather than an explicit description of a resource set (see [RFC3779]). (RPs are required to verify this.) The validity interval of the EE certificate MUST exactly match the thisUpdate and nextUpdate times specified in the manifest's eContent. (An RP MUST NOT c…
…s Delegation extension or the Autonomous System Identifier Delegation extension [RFC3779], or both. However, because the resource set is irrelevant to this object type, this certificate MUST describe its INRs using the "inherit" attribute rather than explicitly describing a resour…
… Profile" [RFC5280], "X.509 Extensions for IP Addresses and AS Identifiers" [RFC3779], and "Cryptographic Message Syntax (CMS)" [RFC5652]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in thi…
…file" [RFC5280], and "X.509 Extensions for IP Addresses and AS Identifiers" [RFC3779]. In addition, the following terms are used in this document: Repository Object (or Object): This refers to a terminal object in a repository publication point. A terminal object is conventio…
… extension. The EE certificate MUST NOT use "inherit" elements as described in [RFC3779]. Notes: Having spoken to the authors, the authors' intent was to disallow "inherit" in ROA EE certificates in order to simplify validation of ROAs. Implementers agree, and as of March 2012, t…