diff options
Diffstat (limited to 'rpkid/doc/Left-right')
| -rw-r--r-- | rpkid/doc/Left-right | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/rpkid/doc/Left-right b/rpkid/doc/Left-right index 338a6789..96d6358b 100644 --- a/rpkid/doc/Left-right +++ b/rpkid/doc/Left-right @@ -72,6 +72,7 @@ initiated by the IRBE specified for the "create", "set", "get", and "destroy" actions. Payload data which can be configured in a <self/> object: + * use_hsm (attribute): Whether to use a Hardware Signing Module. At present this option has no effect, as the implementation does not yet support HSMs. @@ -102,6 +103,7 @@ initiated by the IRBE should be left unset. Control attributes that can be set to "yes" to force actions: + * rekey: Start a key rollover for every RPKI CA associated with every <parent/> object associated with this <self/> object. This is the first phase of a key rollover operation. @@ -143,6 +145,7 @@ initiated by the IRBE this <bsc/> object is associated. Payload data which can be configured in a <isc/> object: + * signing_cert (element): BPKI certificate to use when generating a signature. @@ -150,12 +153,14 @@ initiated by the IRBE had been revoked. Control attributes that can be set to "yes" to force actions: + * generate_keypair: Generate a new BPKI keypair and return a PKCS #10 certificate request. The resulting certificate, once issued, should be configured as this <bsc/> object's signing_cert. Additional attributes which may be specified when specifying "generate_keypair": + * key_type: Type of BPKI keypair to generate. "rsa" is both the default and, at the moment, the only allowed value. @@ -192,6 +197,7 @@ initiated by the IRBE this parent. Payload data which can be configured in a <parent/> object: + * peer_contact_uri (attribute): HTTPS URI used to contact this parent. @@ -235,6 +241,7 @@ initiated by the IRBE than CMS. Control attributes that can be set to "yes" to force actions: + * rekey: This is like the rekey command in the <self/> object, but limited to RPKI CAs under this parent. @@ -255,6 +262,7 @@ initiated by the IRBE which this <child/> object is associated. Payload data which can be configured in a <child/> object: + * bpki_cert (element): BPKI CA certificate for this <child/>. This is used as part of the certificate chain when validating incoming TLS and CMS messages. If the bpki_glue certificate is in use (below), @@ -271,6 +279,7 @@ initiated by the IRBE certificate should be left unset. Control attributes that can be set to "yes" to force actions: + * reissue: Not implemented, may be removed from protocol. <repository/> object @@ -284,6 +293,7 @@ initiated by the IRBE <self/> object with which this <repository/> object is associated. Payload data which can be configured in a <repository/> object: + * peer_contact_uri (attribute): HTTPS URI used to contact this repository. @@ -344,6 +354,7 @@ initiated by the IRBE prefix and maxLength encoding used in the -03 draft. Payload data which can be configured in a <route_origin/> object: + * asn (attribute): Autonomous System Number (ASN) to place in the generated ROA. A single ROA can only grant authorization to a single ASN; multiple ASNs require multiple ROAs, thus multiple @@ -356,6 +367,7 @@ initiated by the IRBE below for format. Control attributes that can be set to "yes" to force actions: + * suppress_publication: Not implemented, may be removed from protocol. @@ -398,6 +410,7 @@ Operations initiated by the RPKI engine A <list_resources/> response includes the following attributes, along with the tag (if specified), self_handle, and child_handle copied from the request: + * valid_until: A timestamp indicating the date and time at which certificates generated by the RPKI engine for these data should expire. The timestamp is expressed as an XML xsd:dateTime, must be @@ -461,5 +474,5 @@ Error handling __________________________________________________________________ - Generated on Tue Apr 13 16:22:05 2010 for RPKI Engine by doxygen + Generated on Tue Apr 13 21:06:48 2010 for RPKI Engine by doxygen 1.6.3 |