Internet Engineering Task Force (IETF) G. Huston Request for Comments: 7935 G. Michaelson, Ed. Obsoletes: 6485 APNIC Category: Standards Track August 2016 ISSN: 2070-1721
Internet Engineering Task Force (IETF) G. Huston Request for Comments: 7935 G. Michaelson, Ed. Obsoletes: 6485 APNIC Category: Standards Track August 2016 ISSN: 2070-1721
The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure
用于资源公钥基础结构的算法和密钥大小的配置文件
Abstract
摘要
This document specifies the algorithms, algorithms' parameters, asymmetric key formats, asymmetric key size, and signature format for the Resource Public Key Infrastructure (RPKI) subscribers that generate digital signatures on certificates, Certificate Revocation Lists (CRLs), Cryptographic Message Syntax (CMS) signed objects and certification requests as well as for the relying parties (RPs) that verify these digital signatures.
本文档规定了资源公钥基础设施(RPKI)订阅者的算法、算法参数、非对称密钥格式、非对称密钥大小和签名格式,这些订阅者在证书、证书撤销列表(CRL)、加密消息语法(CMS)上生成数字签名签名对象和认证请求,以及验证这些数字签名的依赖方(RPs)。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7935.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7935.
Copyright Notice
版权公告
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2016 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Asymmetric Key Pair Formats . . . . . . . . . . . . . . . . . 4 3.1. Public Key Format . . . . . . . . . . . . . . . . . . . . 5 3.2. Private Key Format . . . . . . . . . . . . . . . . . . . 5 4. Signature Format . . . . . . . . . . . . . . . . . . . . . . 5 5. Additional Requirements . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 7. Changes Applied to RFC 6485 . . . . . . . . . . . . . . . . . 6 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 8.2. Informative References . . . . . . . . . . . . . . . . . 8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Asymmetric Key Pair Formats . . . . . . . . . . . . . . . . . 4 3.1. Public Key Format . . . . . . . . . . . . . . . . . . . . 5 3.2. Private Key Format . . . . . . . . . . . . . . . . . . . 5 4. Signature Format . . . . . . . . . . . . . . . . . . . . . . 5 5. Additional Requirements . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 7. Changes Applied to RFC 6485 . . . . . . . . . . . . . . . . . 6 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 8.2. Informative References . . . . . . . . . . . . . . . . . 8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
This document specifies:
本文件规定:
* the digital signature algorithm and parameters;
* 数字签名算法及参数;
* the hash algorithm and parameters;
* 散列算法和参数;
* the public and private key formats; and,
* 公钥和私钥格式;和
* the signature format
* 签名格式
used by Resource Public Key Infrastructure (RPKI) [RFC6480] subscribers when they apply digital signatures to certificates and Certificate Revocation Lists (CRLs) [RFC5280], Cryptographic Message Syntax (CMS) signed objects [RFC5652] (e.g., Route Origin Authorizations (ROAs) [RFC6482] and manifests [RFC6486]), and certification requests [RFC2986] [RFC4211]. Relying parties (RPs) also use the algorithms defined in this document to verify RPKI subscribers' digital signatures [RFC6480].
资源公钥基础设施(RPKI)[RFC6480]订阅者将数字签名应用于证书和证书撤销列表(CRL)[RFC5280]、加密消息语法(CMS)签名对象[RFC5652](例如路由来源授权(ROA)[RFC6482]和清单[RFC6486])和证书请求[RFC2986]时使用[RFC4211]。依赖方(RPs)也使用本文档中定义的算法来验证RPKI订户的数字签名[RFC6480]。
The RPKI profiles and specification documents that reference RFC 6485 now refer to this document; these documents include the RPKI Certificate Policy (CP) [RFC6484], the RPKI Certificate Profile [RFC6487], the RPKI Architecture [RFC6480], and the Signed Object Template for the RPKI [RFC6488]. Familiarity with these documents is assumed.
参考RFC 6485的RPKI配置文件和规范文件现参考本文件;这些文档包括RPKI证书策略(CP)[RFC6484]、RPKI证书配置文件[RFC6487]、RPKI体系结构[RFC6480]和RPKI的签名对象模板[RFC6488]。假设熟悉这些文档。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
Two cryptographic algorithms are used in the RPKI:
RPKI中使用了两种加密算法:
* The signature algorithm used in certificates, CRLs, CMS signed objects, and certification requests is RSA Public-Key Cryptography Standards (PKCS) #1 Version 1.5 (sometimes referred to as "RSASSA-PKCS1-v1_5") from Section 8.2 of [RFC3447].
* 证书、CRL、CMS签名对象和证书请求中使用的签名算法是[RFC3447]第8.2节中的RSA公钥加密标准(PKCS)第1版第1.5版(有时称为“RSASSA-PKCS1-v1_5”)。
* The hashing algorithm used in certificates, CRLs, CMS signed objects and certification requests is SHA-256 [SHS] (see note below).
* 证书、CRL、CMS签名对象和证书请求中使用的哈希算法是SHA-256[SHS](见下面的注释)。
NOTE: The exception is the use of SHA-1 [SHS] when CAs generate authority and subject key identifiers [RFC6487].
注:例外情况是CA生成授权和主题密钥标识符[RFC6487]时使用SHA-1[SHS]。
In certificates, CRLs, and certification requests the hashing and digital signature algorithms are identified together, i.e., "RSA PKCS #1 v1.5 with SHA-256" or more simply "RSA with SHA-256". The Object Identifier (OID) sha256WithRSAEncryption from [RFC4055] MUST be used in these products.
在证书、CRL和认证请求中,哈希和数字签名算法一起标识,即“RSA PKCS#1 v1.5 with SHA-256”或更简单的“RSA with SHA-256”。这些产品中必须使用[RFC4055]中带有RSA加密的对象标识符(OID)SHA256。
The OID is in the following locations:
OID位于以下位置:
In the certificate, the OID appears in the signature and signatureAlgorithm fields [RFC4055].
在证书中,OID出现在签名和signatureAlgorithm字段[RFC4055]中。
In the CRL, the OID appears in the signatureAlgorithm field [RFC4055].
在CRL中,OID出现在signatureAlgorithm字段[RFC4055]中。
In a certification request, the OID appears in the PKCS #10 signatureAlgorithm field [RFC2986], or in the Certificate Request Message Format (CRMF) POPOSigningKey algorithmIdentifier field [RFC4211].
在认证请求中,OID出现在PKCS#10 signatureAlgorithm字段[RFC2986]或证书请求消息格式(CRMF)POPOSigningKey算法标识符字段[RFC4211]中。
In CMS SignedData, the hashing (message digest) and digital signature algorithms are identified separately. The object identifier and parameters for SHA-256 (as defined in [RFC5754]) MUST be used for the SignedData digestAlgorithms field and the SignerInfo digestAlgorithm field. The object identifier and parameters for rsaEncryption [RFC3370] MUST be used for the SignerInfo signatureAlgorithm field when generating CMS SignedData objects. RPKI implementations MUST accept either rsaEncryption or sha256WithRSAEncryption for the SignerInfo signatureAlgorithm field when verifying CMS SignedData objects (for compatibility with objects produced by implementations conforming to [RFC6485]).
在CMS SignedData中,散列(消息摘要)和数字签名算法是分别识别的。SHA-256(定义见[RFC5754])的对象标识符和参数必须用于SignedData digestAlgorithms字段和SignerInfo digestAlgorithm字段。生成CMS SignedData对象时,必须将RSACEncryption[RFC3370]的对象标识符和参数用于SignerInfo signatureAlgorithm字段。在验证CMS SignedData对象时,RPKI实现必须接受RSANCRYPTION或SHA256WITHRSANCRYPTION,用于SignerInfo signatureAlgorithm字段(用于与符合[RFC6485]的实现生成的对象的兼容性)。
The RSA key pairs used to compute the signatures MUST have a 2048-bit modulus and a public exponent (e) of 65,537.
用于计算签名的RSA密钥对必须具有2048位模和65537的公共指数(e)。
The subject's public key is included in subjectPublicKeyInfo [RFC5280]. It has two sub-fields: algorithm and subjectPublicKey. The values for the structures and their sub-structures follow:
主题的公钥包含在主题公钥信息[RFC5280]中。它有两个子字段:算法和subjectPublicKey。结构及其子结构的值如下所示:
algorithm (which is an AlgorithmIdentifier type): The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be used in the algorithm field, as specified in Section 5 of [RFC4055]. The value for the associated parameters from that clause MUST also be used for the parameters field.
算法(属于算法标识符类型):如[RFC4055]第5节所述,算法字段中必须使用RSA PKCS#1 v1.5和SHA-256的对象标识符。该子句中关联参数的值也必须用于参数字段。
subjectPublicKey: RSAPublicKey MUST be used to encode the certificate's subjectPublicKey field, as specified in [RFC4055].
subjectPublicKey:rsPublicKey必须用于对证书的subjectPublicKey字段进行编码,如[RFC4055]中所述。
Local policy determines the private key format.
本地策略确定私钥格式。
The structure for the certificate's signature field is as specified in Section 1.2 of [RFC4055]. The structure for the signature field in the CMS SignedData's SignerInfos is as specified in [RFC5652].
证书签名字段的结构如[RFC4055]第1.2节所述。CMS SignedData的SignerInfos中签名字段的结构如[RFC5652]所述。
It is anticipated that the RPKI will require the adoption of updated key sizes and a different set of signature and hash algorithms over time, in order to maintain an acceptable level of cryptographic security to protect the integrity of signed products in the RPKI. This profile should be replaced to specify such future requirements, as and when appropriate.
预计RPKI将需要随着时间的推移采用更新的密钥大小和一组不同的签名和散列算法,以保持可接受的加密安全级别,以保护RPKI中签名产品的完整性。在适当的情况下,应替换该概要文件,以规定此类未来要求。
The procedures to implement such a transition of key sizes and algorithms are specified in [RFC6916].
[RFC6916]中规定了实现密钥大小和算法转换的程序。
The Security Considerations of [RFC4055], [RFC5280], and [RFC6487] apply to certificates and CRLs. The Security Considerations of [RFC2986], [RFC4211], and [RFC6487] apply to certification requests. The Security Considerations of [RFC5754] apply to CMS signed objects. No new security threats are introduced as a result of this specification.
[RFC4055]、[RFC5280]和[RFC6487]的安全注意事项适用于证书和CRL。[RFC2986]、[RFC4211]和[RFC6487]的安全注意事项适用于认证请求。[RFC5754]的安全注意事项适用于CMS签名对象。本规范不会引入新的安全威胁。
This update includes a slight technical change to [RFC6485] that is considered to be outside the limited scope of an erratum. The document update process has included other errata and also corrected a number of nits.
此更新包括对[RFC6485]的轻微技术更改,该更改被视为超出勘误表的有限范围。文件更新过程包括了其他勘误表,并纠正了一些NIT。
Section 2 of [RFC6485] specified sha256WithRSAEncryption as the OID to use for the SignerInfo signatureAlgorithm field in CMS SignedObjects. However, existing implementations use the rsaEncryption OID for this field. (Support for rsaEncryption in third-party cryptographic libraries is better than sha256WithRSAEncryption, perhaps because [RFC3370] says that support for rsaEncryption is required, while support for OIDs that specify both RSA and a digest algorithm is optional.)
[RFC6485]第2节指定SHA256WithRSA加密作为OID,用于CMS SignedObject中SignerInfo signatureAlgorithm字段。但是,现有实现对此字段使用RSAOID加密。(在第三方加密库中对RSA加密的支持优于使用RSA加密的SH256,可能是因为[RFC3370]表示需要对RSA加密的支持,而对同时指定RSA和摘要算法的OID的支持是可选的。)
Rather than force existing implementations to switch to sha256WithRSAEncryption, this document was changed to follow existing practice. This does not represent a cryptographic algorithm change, just an identifier change. (Unlike certificates, CRLs, and certification requests, CMS signed objects have a separate algorithm identifier field for the hash (digest) algorithm, and that field is already required to contain the id-sha256 OID per Section 2.)
本文档没有强制现有实现切换到使用RSA加密的SHA256,而是更改为遵循现有实践。这并不表示加密算法的更改,只表示标识符的更改。(与证书、CRL和证书请求不同,CMS签名对象有一个单独的哈希(摘要)算法的算法标识符字段,该字段已经需要包含第2节中的id-sha256 OID。)
To avoid compatibility problems, RPs are still required to accept sha256WithRSAEncryption if encountered.
为了避免兼容性问题,如果遇到这种情况,RPs仍然需要接受SHA256withRSA加密。
Other changes include:
其他变化包括:
* Minor wording and typo fixes.
* 次要的措辞和排版。
* Corrections to references ([RFC5652] instead of [RFC3370], [RFC3447] instead of [RFC4055]).
* 参考文献的更正([RFC5652]代替[RFC3370],[RFC3447]代替[RFC4055])。
* Additional citations included in the Introduction.
* 导言中还包括其他引文。
* Correction to the CRMF POPOSigningKey field that is mentioned in Section 2 (algorithmIdentifier instead of signature).
* 更正第2节(算法标识符代替签名)中提到的CRMF POPOSigningKey字段。
* Inclusion of certification requests in mentions of certificates, CRLs, and CMS signed objects.
* 在提及证书、CRL和CMS签名对象时包含证书请求。
* Replacement of text in Section 5 with a pointer to the procedures specified in [RFC6916] (algorithm agility).
* 将第5节中的文本替换为指向[RFC6916](算法敏捷性)中规定的程序的指针。
* Replacement of "signed object" with "CMS signed object" everywhere.
* 到处用“CMS签名对象”替换“签名对象”。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification Request Syntax Specification Version 1.7", RFC 2986, DOI 10.17487/RFC2986, November 2000, <http://www.rfc-editor.org/info/rfc2986>.
[RFC2986]Nystrom,M.和B.Kaliski,“PKCS#10:认证请求语法规范版本1.7”,RFC 2986,DOI 10.17487/RFC2986,2000年11月<http://www.rfc-editor.org/info/rfc2986>.
[RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, DOI 10.17487/RFC3370, August 2002, <http://www.rfc-editor.org/info/rfc3370>.
[RFC3370]Housley,R.,“加密消息语法(CMS)算法”,RFC 3370,DOI 10.17487/RFC3370,2002年8月<http://www.rfc-editor.org/info/rfc3370>.
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, DOI 10.17487/RFC3447, February 2003, <http://www.rfc-editor.org/info/rfc3447>.
[RFC3447]Jonsson,J.和B.Kaliski,“公钥密码标准(PKCS)#1:RSA密码规范版本2.1”,RFC 3447,DOI 10.17487/RFC3447,2003年2月<http://www.rfc-editor.org/info/rfc3447>.
[RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, DOI 10.17487/RFC4055, June 2005, <http://www.rfc-editor.org/info/rfc4055>.
[RFC4055]Schaad,J.,Kaliski,B.,和R.Housley,“互联网X.509公钥基础设施证书和证书撤销列表(CRL)配置文件中使用的RSA加密的其他算法和标识符”,RFC 4055,DOI 10.17487/RFC4055,2005年6月<http://www.rfc-editor.org/info/rfc4055>.
[RFC4211] Schaad, J., "Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)", RFC 4211, DOI 10.17487/RFC4211, September 2005, <http://www.rfc-editor.org/info/rfc4211>.
[RFC4211]Schaad,J.“互联网X.509公钥基础设施证书请求消息格式(CRMF)”,RFC 4211,DOI 10.17487/RFC4211,2005年9月<http://www.rfc-editor.org/info/rfc4211>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, <http://www.rfc-editor.org/info/rfc5280>.
[RFC5280]Cooper,D.,Santesson,S.,Farrell,S.,Boeyen,S.,Housley,R.,和W.Polk,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 5280,DOI 10.17487/RFC5280,2008年5月<http://www.rfc-editor.org/info/rfc5280>.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI 10.17487/RFC5652, September 2009, <http://www.rfc-editor.org/info/rfc5652>.
[RFC5652]Housley,R.,“加密消息语法(CMS)”,STD 70,RFC 5652,DOI 10.17487/RFC5652,2009年9月<http://www.rfc-editor.org/info/rfc5652>.
[RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic Message Syntax", RFC 5754, DOI 10.17487/RFC5754, January 2010, <http://www.rfc-editor.org/info/rfc5754>.
[RFC5754]Turner,S.,“使用具有加密消息语法的SHA2算法”,RFC 5754,DOI 10.17487/RFC5754,2010年1月<http://www.rfc-editor.org/info/rfc5754>.
[RFC6480] Lepinski, M. and S. Kent, "An Infrastructure to Support Secure Internet Routing", RFC 6480, DOI 10.17487/RFC6480, February 2012, <http://www.rfc-editor.org/info/rfc6480>.
[RFC6480]Lepinski,M.和S.Kent,“支持安全互联网路由的基础设施”,RFC 6480,DOI 10.17487/RFC6480,2012年2月<http://www.rfc-editor.org/info/rfc6480>.
[RFC6484] Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate Policy (CP) for the Resource Public Key Infrastructure (RPKI)", BCP 173, RFC 6484, DOI 10.17487/RFC6484, February 2012, <http://www.rfc-editor.org/info/rfc6484>.
[RFC6484]Kent,S.,Kong,D.,Seo,K.,和R.Watro,“资源公钥基础设施(RPKI)的证书政策(CP)”,BCP 173,RFC 6484,DOI 10.17487/RFC64842012年2月<http://www.rfc-editor.org/info/rfc6484>.
[RFC6487] Huston, G., Michaelson, G., and R. Loomans, "A Profile for X.509 PKIX Resource Certificates", RFC 6487, DOI 10.17487/RFC6487, February 2012, <http://www.rfc-editor.org/info/rfc6487>.
[RFC6487]Huston,G.,Michaelson,G.,和R.Loomans,“X.509 PKIX资源证书的配置文件”,RFC 6487,DOI 10.17487/RFC6487,2012年2月<http://www.rfc-editor.org/info/rfc6487>.
[RFC6488] Lepinski, M., Chi, A., and S. Kent, "Signed Object Template for the Resource Public Key Infrastructure (RPKI)", RFC 6488, DOI 10.17487/RFC6488, February 2012, <http://www.rfc-editor.org/info/rfc6488>.
[RFC6488]Lepinski,M.,Chi,A.,和S.Kent,“资源公钥基础设施(RPKI)的签名对象模板”,RFC 6488,DOI 10.17487/RFC6488,2012年2月<http://www.rfc-editor.org/info/rfc6488>.
[SHS] National Institute of Standards and Technology (NIST), "FIPS Publication 180-3: Secure Hash Standard", FIPS Publication 180-3, October 2008.
[SHS]国家标准与技术研究所(NIST),“FIPS出版物180-3:安全哈希标准”,FIPS出版物180-3,2008年10月。
[RFC6482] Lepinski, M., Kent, S., and D. Kong, "A Profile for Route Origin Authorizations (ROAs)", RFC 6482, DOI 10.17487/RFC6482, February 2012, <http://www.rfc-editor.org/info/rfc6482>.
[RFC6482]Lepinski,M.,Kent,S.,和D.Kong,“路线原产地授权(ROA)的概要”,RFC 6482,DOI 10.17487/RFC6482,2012年2月<http://www.rfc-editor.org/info/rfc6482>.
[RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)", RFC 6485, DOI 10.17487/RFC6485, February 2012, <http://www.rfc-editor.org/info/rfc6485>.
[RFC6485]Huston,G.“用于资源公钥基础设施(RPKI)的算法和密钥大小的配置文件”,RFC 6485,DOI 10.17487/RFC6485,2012年2月<http://www.rfc-editor.org/info/rfc6485>.
[RFC6486] Austein, R., Huston, G., Kent, S., and M. Lepinski, "Manifests for the Resource Public Key Infrastructure (RPKI)", RFC 6486, DOI 10.17487/RFC6486, February 2012, <http://www.rfc-editor.org/info/rfc6486>.
[RFC6486]Austein,R.,Huston,G.,Kent,S.,和M.Lepinski,“资源公钥基础设施(RPKI)清单”,RFC 6486,DOI 10.17487/RFC6486,2012年2月<http://www.rfc-editor.org/info/rfc6486>.
[RFC6916] Gagliano, R., Kent, S., and S. Turner, "Algorithm Agility Procedure for the Resource Public Key Infrastructure (RPKI)", BCP 182, RFC 6916, DOI 10.17487/RFC6916, April 2013, <http://www.rfc-editor.org/info/rfc6916>.
[RFC6916]Gagliano,R.,Kent,S.和S.Turner,“资源公钥基础设施(RPKI)的算法敏捷程序”,BCP 182,RFC 6916,DOI 10.17487/RFC6916,2013年4月<http://www.rfc-editor.org/info/rfc6916>.
Acknowledgments
致谢
The authors acknowledge the reuse in this document of material originally contained in working drafts of the RPKI Certificate Policy [RFC6484] and resource certificate profile [RFC6487] documents. The coauthors of these two documents -- namely, Stephen Kent, Derrick Kong, Karen Seo, Ronald Watro, George Michaelson, and Robert Loomans -- are acknowledged, with thanks. The constraint on key size noted in this profile is the outcome of comments from Stephen Kent and review comments from David Cooper. Sean Turner has provided additional review input to this document.
作者承认在本文件中重用了最初包含在RPKI证书政策[RFC6484]和资源证书概要[RFC6487]文件工作草案中的材料。这两份文件的合著者——斯蒂芬·肯特、德里克·孔、凯伦·塞、罗纳德·瓦特罗、乔治·迈克尔森和罗伯特·卢曼斯——都得到了认可,并表示感谢。本简介中提到的关键尺寸限制是Stephen Kent的评论和David Cooper的评论的结果。Sean Turner为本文件提供了额外的审查输入。
Andrew Chi and David Mandelberg discovered the issue addressed in this replacement of [RFC6485], and the changes in this updated specification reflect the outcome of a discussion between Rob Austein and Matt Lepinski on the SIDR Working group mailing list. Richard Hansen contributed a significant number of suggestions that have been incorporated into this document.
Andrew Chi和David Mandelberg发现了[RFC6485]的替换中解决的问题,更新规范中的变化反映了Rob Austein和Matt Lepinski在SIDR工作组邮件列表上讨论的结果。Richard Hansen提出了大量建议,这些建议已纳入本文件。
Authors' Addresses
作者地址
Geoff Huston APNIC
杰夫·休斯顿呼吸暂停
Email: gih@apnic.net
Email: gih@apnic.net
George Michaelson (editor) APNIC
乔治·迈克尔森(编辑)APNIC
Email: ggm@apnic.net
Email: ggm@apnic.net