Re: [Sidrops] Example BGPSec Router certificate, and GBR for testing?

Tim Bruijnzeels <tim@nlnetlabs.nl> Mon, 07 December 2020 14:07 UTC

Return-Path: <tim@nlnetlabs.nl>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C4373A13A5 for <sidrops@ietfa.amsl.com>; Mon, 7 Dec 2020 06:07:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q7c4QGPl6GPV for <sidrops@ietfa.amsl.com>; Mon, 7 Dec 2020 06:07:22 -0800 (PST)
Received: from outbound.soverin.net (outbound.soverin.net [IPv6:2a01:4f8:fff0:2d:8::215]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83D123A0D78 for <sidrops@ietf.org>; Mon, 7 Dec 2020 06:07:22 -0800 (PST)
Received: from smtp.soverin.net (unknown [10.10.3.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by outbound.soverin.net (Postfix) with ESMTPS id 9644260057; Mon, 7 Dec 2020 14:07:20 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [159.69.232.138]) by soverin.net
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nlnetlabs.nl; s=soverin; t=1607350039; bh=SZXAfO7BwLkPhpPMx26+ehc2yzwigIL4L4VlBbQLMWY=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=TN27nkpvckK7aMgX11CErvXicDqJ7+vYHsnfHKV7hQ0qhjKjM+GIJe9BJWBdswy1b ye6w7sVg73SLaOzrk8j8IwcHUSoSmTJR+5bsmVFF4GPttqbhOBB4+IKHmWChKBZhuU gTXbpbHl2BvRMe/Jr9dYKKkSUw2INg8hlyOXVPhwLkmV+CezaPK+frlaFRmHwD8RyA r4mJsICmCD0FV7C4UDg2fCknVKtpk6OGGfitdnyFnYzzkvLA9FOQLEjKewxSVUD8dJ Hl/YqeeQKGcdhs62Rd4Qim6p8CYitg3UbyLLROuJYv9S1gXErYSEYOg9JeT6qAhJrR tNT8umD/t9nFw==
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Tim Bruijnzeels <tim@nlnetlabs.nl>
In-Reply-To: <X84y7FpLUJlNQxjZ@bench.sobornost.net>
Date: Mon, 7 Dec 2020 15:06:47 +0100
Cc: SIDR Operations WG <sidrops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <39C631B2-0BEA-4833-96B3-83F1186DC4B6@nlnetlabs.nl>
References: <7058F38E-AB83-4209-823D-6A3B860711B6@nlnetlabs.nl> <X84y7FpLUJlNQxjZ@bench.sobornost.net>
To: Job Snijders <job@ntt.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/04BSVAmoG5gLJIDkPHJSJvs7gwU>
Subject: Re: [Sidrops] Example BGPSec Router certificate, and GBR for testing?
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2020 14:07:25 -0000

Hi Job,

> On 7 Dec 2020, at 14:49, Job Snijders <job@ntt.net> wrote:
> 
> Hi Tim,
> 
> On Fri, Oct 02, 2020 at 11:24:03AM +0200, Tim Bruijnzeels wrote:
>> Does anyone have a real world BGPSec router certificate and
>> Ghostbuster object they could share for testing validation software?
>> 
>> The same applies to Ghostbuster records. If there is an example that
>> could be shared, then this could help us and other RP implementers to
>> deal with these objects securely as well.
> 
> I published a Ghostbusters record which you can find by via the RIPE NCC
> Trust Anchor:
> 
> rsync://chloe.sobornost.net/rpki/Sobornost/m4SxTZayQtEojVOp4jrY0LmhDyw.gbr

Thanks! We noticed.

When we looked earlier it had the wrong vCard version, but it's useful to have this also in that state. My colleagues are already analysing it. We can report on it later.

Tim


> 
> Kind regards,
> 
> Job