[routing-wg] RIPE NCC RPKI Routing Update May 2024

a question to the WG would be whether this is actually a desirable way to do this, or if other ways should be considered instead. In conclusion, we believe that this space is not yet sufficiently understood and we encourage discussion on this in the WG before we try to implement this. Kind reg

Re: [routing-wg] Updated RPKI CPS Document Review

Tim Bruijnzeels Principal Engineer RPKI RIPE NCC > On 16 Apr 2024, at 21:32, Tim Bruijnzeels wrote: > > Dear colleagues, > > We have published an updated draft of the "RIPE NCC Certification Practice > Statement (CPS) for the Resource Public Key Infrastructure (RPKI)" for

[routing-wg] Updated RPKI CPS Document Review

on of RPKI and is provided for transparency. We invite everyone to review the updated draft and let us know on the mailing list if they have any comments, questions or concerns. If no significant issues are raised then we plan to publish the draft CPS as a RIPE Document on 30 April 2024. Kind reg

Re: [routing-wg] RPKI ROAs and Monitoring

Hi Klaus, all, > On 12 Dec 2022, at 12:12, Klaus Darilion via routing-wg > wrote: > ... > Is such monitoring already available and I only have to subcribe somewhere > (free or comemrcial)? Do I miss something? Any hints what I should do before > and after creating the ROAs? BGP alerter and

Re: [routing-wg] Publish in Parent - input requested

Hi, > On 29 Sep 2022, at 16:15, Felipe Victolla Silveira wrote: > > The service was originally designed to allow all objects to be published in > our repositories, regardless of whether the associated resources are part of > the RIPE NCC or another RIR, and this is how we would like to

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

> On 11 Oct 2021, at 12:45, Matthew Walster wrote: > > I genuinely don't understand the reason for obstruction here, what am I > missing? Perhaps this sentence could have made clear that I am not 'obstructing': "In that context, I am not against BGPSec as such, there are just things

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

tep. > At some point the community will do some testing, find bugs in current > implementations that the RFC authors didn't foresee .. that is how things go > .. we fix shizzle. > > Hope that this clarifies. > > Just my 2cp, > > Reg

Re: [routing-wg] Support for "Publish in Parent" [RPKI RFC 8181]?

Dear all, I would like to support this proposal. As an implementer of an open-source RPKI CA I find that a large part of the support questions that we get, and the hesitation to run a delegated CA, stems from the requirement to not just run a CA, which can even be offline between signing

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

Hi Randy, all, > On 6 Oct 2021, at 17:10, Randy Bush wrote: > >> A fundamental issue that I see is that BGPSec validation only has >> 'valid' or 'invalid'. > > just as ROV has: Valid and Invalid. > > hard to have other states in a crypto-based validation; though i have > faith that some

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

> On 6 Oct 2021, at 12:55, Matthew Walster wrote: > > To me, there's two main issues with BGPsec, and that is the memory > requirement of storing all the published keys, and the CPU impact of signing > and/or verifying so many things. These are things that may be addressed over > time with

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Hi Ben, > On 10 Sep 2021, at 13:11, Ben Maddison wrote: > > Hi Tim, > > On 09/10, Tim Bruijnzeels wrote: >> >> >>> On 10 Sep 2021, at 11:57, Job Snijders wrote: >>> >>> On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote:

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

> On 10 Sep 2021, at 11:57, Job Snijders wrote: > > On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote: >> I think all would agree that transparency is good. >> >> A key difference between RPKI and most other PKIs is that in the RPKI >> all

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Dear Job, all, I think all would agree that transparency is good. A key difference between RPKI and most other PKIs is that in the RPKI all objects are published in the open for all the see. As you mentioned your RPKI validator may miss intermediate state changes if it retrieves objects using

Re: [routing-wg] Ensuring RPKI ROAs match your routing intent

Hi Randy, all, > On 26 Jun 2020, at 16:04, Randy Bush wrote: > >> Krill uses these RIS dumps too for this initial release, but we intend >> to evolve it over the next releases with something more real-time, as >> well as letting you plug in a local router feed > > drl considered this but i

Re: [routing-wg] [anti-abuse-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space) to be discussed on Routing Working Group Mailing List

Hi > On 23 Dec 2019, at 11:39, Randy Bush wrote: > > erik, > >> Personally, I'm not in favour of this policy as I don't like the NCC >> to start to injecting ROA's that are not allocated or assigned to >> members or end-users. >> >> I think it sets the wrong precedence for the community and

Re: [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)

Hi all, I am not opposed to this in principle. I see some value. However, I think it would be good to take an impact analysis into account in order to prioritise this relative to other rpki improvements. I agree with others who have said that there may be more valuable things for the ripe ncc

Re: [routing-wg] 2018-06 Discussion Phase (RIPE NCC IRR Database Non-Authoritative Route Object Clean-up)

Hi, I think it would be good to look for contact details in the authoritative whois for the resources involved. E.g. RDAP provides a generic way to do this. In particular maliciously created objects may have contact details in them for the wrong people if only the RIPE (non-authoritative)

Re: [routing-wg] RPKI Validator 3: disable fetching from certain repos?

Hi [disclaimer, I am no longer involved in RIPE NCC implementation, but I am now involved in NLnet Labs implementation] > On 10 Oct 2018, at 10:05, nusenu wrote: > > Jay Borkenhagen: > >> Probably a better behavior for rpki-validator-3 to take to avoid >> needlessly filling up logs, etc.,

Re: [routing-wg] looking for online RPKI dashboard / looking glass?

it a spin you can find a link to the beta releases on GitHub, and please let us know if you find any issues :) https://github.com/RIPE-NCC/rpki-validator-3/wiki/RIPE-NCC-RPKI-Validator-3-beta-tester-page Kind regards Tim Bruijnzeels > On 1 May 2018, at 20:44, Gert Doering <g...@space.net&