Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Dear Job, all, I think all would agree that transparency is good. A key difference between RPKI and most other PKIs is that in the RPKI all objects are published in the open for all the see. As you mentioned your RPKI validator may miss intermediate state changes if it retrieves objects using

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote: > I think all would agree that transparency is good. > > A key difference between RPKI and most other PKIs is that in the RPKI > all objects are published in the open for all the see. Small nitpick: all objects are SUPPOSED to be

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Hi Tim, On 09/10, Tim Bruijnzeels wrote: > > > > On 10 Sep 2021, at 11:57, Job Snijders wrote: > > > > On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote: > >> I think all would agree that transparency is good. > >> > >> A key difference between RPKI and most other PKIs is that

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Hi Job, > On 20210909, at 18:25, Job Snijders via routing-wg > wrote: > [..] > Does the community see value in applying Certificate Transparency to the > RPKI? What are your thoughts? TLDR: - Can be useful in case of incidents - there are a few useful tools out there, but no history yet

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Hi Job, Thanks for bringing this up and I would be supportive for setting up the activity for keeping the CT logs. Topics that we should keep in mind on the scope for the NCC.. Are we asking the NCC to provide feeds to third parties .. ( aka . the NCC (or their infra) doesn't store it

[routing-wg] A Changing User Interface for rpki-validator.ripe.net

Dear colleagues, As we have already announced, we have ended support for our RPKI Validator. We have still been running our Validator 3 on http://rpki-validator.ripe.net as an informational service to the community. However, we will be replacing our

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

> On 10 Sep 2021, at 11:57, Job Snijders wrote: > > On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote: >> I think all would agree that transparency is good. >> >> A key difference between RPKI and most other PKIs is that in the RPKI >> all objects are published in the open for

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Hi Ben, > On 10 Sep 2021, at 13:11, Ben Maddison wrote: > > Hi Tim, > > On 09/10, Tim Bruijnzeels wrote: >> >> >>> On 10 Sep 2021, at 11:57, Job Snijders wrote: >>> >>> On Fri, Sep 10, 2021 at 11:39:39AM +0200, Tim Bruijnzeels wrote: I think all would agree that transparency is good.

Re: [routing-wg] request for feedback: a RPKI Certificate Transparency project?

Hi Tim, > But this should start with a problem statement which is discussed in > the IETF. The context of the RPKI standards matter and a lot of the > contributors to those standards are not active here. It is not uncommon for initiatives to start in a special interest group outside the IETF,

[routing-wg] Weekly Routing Table Report

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG. Daily listings are sent to