[sidr] Using RRDP links in the RIPE NCC repository

Tim Bruijnzeels <tim@ripe.net> Thu, 14 January 2016 13:42 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/sidr/GJNbgB7g6EsVrw__1ZWjTWDUMAY>

Hi all,

Just a heads up that we have started to include RRDP SIAs in the RIPE NCC RPKI certificates. We are using a cloud provider to host the publication server and CDN - but I am not sure it's appropriate to name companies on this list ;). It shouldn't affect any recent validators - recent versions of rcynic, RPSTIR and the RIPE NCC RPKI Validator all ignore the additional URIs. As discussed at the last two IETFs, we figured it would be safe to start using this as a beta service.

However, we have had one report from JPNIC, who were using an older RP tool that had an issue with this. If you see similar problems you may want to upgrade your RP tools.

If you want to help us test the new protocol, our latest validator supports it - but you have to enable it in config, by setting the following in the rpki-validator.conf:
> prefer.rrdp = true

Our validator can be downloaded here:
https://www.ripe.net/manage-ips-and-asns/resource-management/certification/tools-and-resources

But of course we are also very interested in feedback from other RP software.

Please let us know if you have any questions or comments, or find any issues.

Cheers,

Tim
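
The behaviour described in the message above (a relying party ignores SIA URIs it does not use, and fetches over RRDP only when that is enabled), sketched as an added example that is not part of the original post and is not code from any of the validators named in it. The function names, the `prefer_rrdp` parameter and the example.net URIs are assumptions made for illustration; the access-method OIDs are id-ad-caRepository (.5), id-ad-rpkiManifest (.10) and id-ad-rpkiNotify (.13, RFC 8182, which also requires an HTTPS notify URI), and the input is the decoded SubjectInfoAccessSyntax SEQUENCE.

```python
ID_AD = bytes.fromhex("2b060105050730")  # DER prefix of OID 1.3.6.1.5.5.7.48
METHODS = {5: "caRepository", 10: "rpkiManifest", 13: "rpkiNotify"}  # last arc

def tlv(tag, value):  # DER-encode one element (length < 256), for the sample
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + value

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def parse_sia(der):
    """Map known access methods to URIs; skip anything unrecognised."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SIA must be a SEQUENCE")
    found, pos = {}, 0
    while pos < len(body):
        _, desc, pos = read_tlv(body, pos)
        t_oid, oid, nxt = read_tlv(desc, 0)
        t_loc, loc, _ = read_tlv(desc, nxt)
        name = METHODS.get(oid[-1]) if oid[:-1] == ID_AD else None
        if t_oid == 0x06 and t_loc == 0x86 and name:  # 0x86 = URI GeneralName
            found.setdefault(name, []).append(loc.decode("ascii"))
    return found

def choose_fetch_uri(sia, prefer_rrdp):
    """Pick the RRDP notify URI only when enabled and HTTPS; else rsync."""
    if prefer_rrdp:
        for uri in sia.get("rpkiNotify", []):
            if uri.startswith("https://"):
                return uri
    for uri in sia.get("caRepository", []):
        if uri.startswith("rsync://"):
            return uri
    raise ValueError("no usable repository URI in SIA")

def ad(arc, uri):  # one constructed AccessDescription
    return tlv(0x30, tlv(0x06, ID_AD + bytes([arc])) + tlv(0x86, uri.encode()))

# Constructed sample: three known methods plus one unknown (arc 127).
SAMPLE_SIA = tlv(0x30, ad(5, "rsync://rpki.example.net/repo/")
                 + ad(10, "rsync://rpki.example.net/repo/ca.mft")
                 + ad(13, "https://rrdp.example.net/notification.xml")
                 + ad(127, "https://other.example.net/x"))
```

A parser written this way treats an unfamiliar access method as something to skip, so adding the RRDP entry to a certificate leaves the rsync path untouched for tools that do not use it.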