Re: [Sidrops] Distributing RPKI Validated Cache in JSON over HTTPS

Di Ma <> Mon, 01 June 2020 03:40 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 43AA53A0C3F for <>; Sun, 31 May 2020 20:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id HYXKTj8bP_qh for <>; Sun, 31 May 2020 20:40:52 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B9A833A0B30 for <>; Sun, 31 May 2020 20:40:50 -0700 (PDT)
X-Alimail-AntiSpam: AC=CONTINUE; BC=0.0791467|-1; CH=green; DM=|CONTINUE|false|; DS=CONTINUE|ham_regular_dialog|0.0226426-0.00707572-0.970282; FP=0|0|0|0|0|-1|-1|-1; HT=e01a16384;; NM=1; PH=DS; RN=3; RT=3; SR=0; TI=SMTPD_---.HgUsisx_1590982842;
Received: from fp:SMTPD_---.HgUsisx_1590982842) by; Mon, 01 Jun 2020 11:40:42 +0800
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.\))
From: Di Ma <>
In-Reply-To: <>
Date: Mon, 01 Jun 2020 11:40:38 +0800
Cc: George Michaelson <>, SIDR Operations WG <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <>
To: Randy Bush <>
X-Mailer: Apple Mail (2.3608.
Archived-At: <>
Subject: Re: [Sidrops] Distributing RPKI Validated Cache in JSON over HTTPS
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 01 Jun 2020 03:40:54 -0000


We need to differentiate two uses-cases.

1) Use SLURM file to update validated cache (VRP) over networks within a bailiwick

2) Use SLURM file to broadcast Unallocated and Unassigned RIPE NCC Address Space (ROA0)

As in case 1, I think it is typically sorta inter-cache within an ISP who does not want to see multiple RP instances bringing inconsistency. It just uses one RP to do sync and validation and then uses RUSH to do sync among cache servers in its networks. so the trust can be established easily in this convergent scope of those cache servers.  And share-key for instance can be used as TRUST to employ IPSec to implement authentication of SLURM file transferred between two cache server. 

As in case 2, I think what RPs should trust is who is authoritative for ROA0. Although SLURM file itself has got no protection for data integrity there are workaround. If you are going to download from RIPE NCC you just need to make your browser/client to trust web PKI cert of RIPE. 

In short, I think RUSH is competent for case 1 and could be used for case 2 which needs more discussions in RIPE community :-)


> 2020年5月31日 16:59,Randy Bush <> 写道:
> di
> i am a bit undlear here.  could you walk me through an example, starting
> with what i trust?  e.g. am i trusting a dns name?  a tls cert ca?  ...
> thanks.
> randy