…ating a new CA certificate with a new subject name, as well as a new key pair [ RFC6489 ]. (The reason for the new subject name is that in the context of the RPKI, the subject names in all certificates issued by a CA are intended to be unique, and because the RPKI key rollover pr…

…a new key pair and roll over all the signed subordinate products to the new CA [RFC6489]. This has a number of implications in terms of subject name management, CRL Scope, and repository publication point management. CRL Scope and Key Values: For CRL Scope, this profile specifies…

… new key pair and roll over all the signed subordinate products to the new CA [ RFC6489 ]. This has a number of implications in terms of subject name management, CRL Scope, and repository publication point management. CRL Scope and Key Values: For CRL Scope, this profile specifie…

…mon publication point, as can occur when a CA performs a key-rollover operation RFC6489 , the repository publication point will contain multiple manifests. In this case, each manifest describes only the collection of published products of its associated CA instance. 3. Manifest S…

… as the previous certificate; thus, key rollover is not required. The document [RFC6489] specifies a conservative key rollover procedure that should be used by a certification authority when it changes the public (and private) keys associated with its RPKI CA certificate. At a hi…

…as the previous certificate; thus, key rollover is not required. The document [ RFC6489 ] specifies a conservative key rollover procedure that should be used by a certification authority when it changes the public (and private) keys associated with its RPKI CA certificate. At a h…

…to such a problem can be addressed by the issuer using the key rollover process RFC6489 to get a new CA certificate. RPs will treat this new certificate as though it represents a distinct CA, and the manifestNumber can be reset at that point. However, this option is not available…

…as the previous certificate; thus, key rollover is not required. The document [ RFC6489 ] specifies a conservative key rollover procedure that should be used by a certification authority when it changes the public (and private) keys associated with its RPKI CA certificate. At a h…

…sitory (id-ad-caRepository) and its manifest (id-ad-rpkiManifest). Section 2 of RFC6489 also states, "While the 'current' and 'new' CA instances share a single repository publication point, each CA has its own CRL and its own manifest." This indicates that only the id-ad-caReposi…

…sitory (id-ad-caRepository) and its manifest (id-ad-rpkiManifest). Section 2 of RFC6489 also states, "While the 'current' and 'new' CA instances share a single repository publication point, each CA has its own CRL and its own manifest." This indicates that only the id-ad-caReposi…