diff --git a/draft-ietf-sidrops-6486bis.xml b/draft-ietf-sidrops-6486bis.xml index 32fa2ed..e1cb170 100644 --- a/draft-ietf-sidrops-6486bis.xml +++ b/draft-ietf-sidrops-6486bis.xml @@ -10,7 +10,7 @@ - + @@ -706,14 +706,22 @@ The RP MUST acquire all of the files enumerated in the manifest - (fileList) from the publication point. This includes the CRL, - each object containing an EE certificate issued by the CA, and - any subordinate CA and EE certificates. If there are files - listed in the manifest that cannot be retrieved from the - publication point, or if they fail the validity tests specified - in , the fetch has failed and the RP - MUST proceed to ; otherwise, proceed to - . + (fileList) from the publication point. If there are files listed + in the manifest that cannot be retrieved from the publication + point, or if they fail the validity tests specified in + [RFC6488], the fetch has failed and the RP MUST proceed to ; otherwise, proceed to . Note that all RPs MUST be able to process + Manifests, CRLs and Resource Certificates , BGPsec Router Certificates , Ghostbuster Records , and ROAs . The set + of retrieved objects may include other RPKI object types that + the RP is not prepared to process. When such objects are + encountered by an RP, the RP MUST NOT attempt to validate the + eContent (as described in Section 2.1.3.2 above) of such + objects; encountering such objects does not, per se, result in a + failed fetch. @@ -744,26 +752,24 @@
- If an RP does not acquire a current valid manifest, or does not - acquire current valid instances of all of the objects enumerated - in a current valid manifest as a result of a fetch, then - processing of the signed objects associated with the CA instance - has failed for this fetch cycle. The RP MUST issue a warning - indicating the reason(s) for termination of processing with - regard to this CA instance. It is RECOMMENDED that a human - operator be notified of this warning. + If a fetch fails for any of the reasons cited in -, the RP MUST issue a + warning indicating the reason(s) for termination of processing + with regard to this CA instance. It is RECOMMENDED that a human + operator be notified of this warning. Termination of processing means that the RP SHOULD continue to use cached versions of the objects associated with this CA instance, until such time as they become stale or they can be - replaced by objects from a successful fetch. This implies that + replaced by objects from a successful fetch.This implies that the RP MUST not try to acquire and validate subordinate signed objects, e.g., subordinate CA certificates, until the next interval when the RP is scheduled to fetch and process data for this CA instance. +
@@ -891,10 +897,13 @@ + + + ASN.1 encoding rules: Specification of basic encoding Rules (BER), Canonical encoding rules (CER) and Distinguished encoding rules (DER)
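Review bot: In hunk @@ -706,14 +706,22 @@, the new exemption for unrecognized object types only covers validation of the eContent, yet the same hunk still says any listed file that fails "the validity tests specified in [RFC6488]" makes the fetch fail, and RFC 6488's checks on the outer signed-object structure and the EE certificate apply regardless of eContentType. Say explicitly whether those outer checks still apply to unknown-type objects and whether a failure there is a failed fetch; otherwise two RPs can reach different fetch outcomes for the same publication point. Two smaller points in the same hunk: "[RFC6488]" and "Section 2.1.3.2 above" are literal text where the surrounding draft uses xref elements, so they will not track renumbering; and the list "Manifests, CRLs and Resource Certificates , BGPsec Router Certificates , Ghostbuster Records , and ROAs ." has stray spaces before the commas and reads better as "Manifests, CRLs, Resource Certificates, BGPsec Router Certificates, Ghostbuster Records, and ROAs".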
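Review bot: In hunk @@ -744,26 +752,24 @@, the added line "replaced by objects from a successful fetch.This implies that" drops the space after the period; restore "fetch. This implies". The rewritten trigger "If a fetch fails for any of the reasons cited in -" now relies on the two referenced sections enumerating every failure mode the removed text named directly (no current valid manifest, and not acquiring current valid instances of every enumerated object), so confirm the "no current valid manifest" case is actually stated there, since the old wording covered it explicitly and the new wording covers it only by reference. While this paragraph is being edited, the context line "the RP MUST not try to acquire" should use the RFC 2119 form "MUST NOT".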
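Review bot: In hunk @@ -891,10 +897,13 @@, the added reference title mixes capitalization: "basic encoding Rules (BER)" against "Canonical encoding rules (CER)" and "Distinguished encoding rules (DER)". Use the standard's own title form, "Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", so the entry renders consistently with the other references; as shown in the hunk the entry carries only the title, so also check that the reference element includes the series identifier and date the document's other entries use.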