[Sidrops] AS0 RPKI system deployed in production (Prop132)

George Michaelson <ggm@algebras.org> Wed, 02 September 2020 00:53 UTC

Return-Path: <ggm@algebras.org>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A489B3A08E5 for <sidrops@ietfa.amsl.com>; Tue, 1 Sep 2020 17:53:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=algebras-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xlL51vvc2Aeu for <sidrops@ietfa.amsl.com>; Tue, 1 Sep 2020 17:53:21 -0700 (PDT)
Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C27F3A08DB for <sidrops@ietf.org>; Tue, 1 Sep 2020 17:53:21 -0700 (PDT)
Received: by mail-il1-x133.google.com with SMTP id q14so3532690ilm.2 for <sidrops@ietf.org>; Tue, 01 Sep 2020 17:53:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=algebras-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=/bIH3CIvwPZrxk5PtTG/uoPwPfoge4sUipUuIvUpYww=; b=ib5OflXvUKM/Oc+pzw794i00m/AEG/ISbgcxIhRH0TQX9ra5a3/JLckbuglHzyi4FH uJ6QYlFWI6oQlZpucrsPzqjY6tnllEwGZMGaoUPAo/WtflQ4S2/lJZkdh17ihbrsv7vz pQqtlhQcNsp3W5XFNBgJ/GFRnJXO8zjvF23cpWG7bkC8DzkcytA4si4gs092iH3GPKWx /roSzoiZn7MUGoxiEbrKEUTB6KF2UEiUAGCpBmhwHdM5oSigxbNo9k5c9QXMaiv+JXht OLnX3dNsrkg8CIRBy7aG8SNVfVKkIklYiHIQnnTaVP6rRp6gbGZegToHEiyEHF6gO5v+ 14dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=/bIH3CIvwPZrxk5PtTG/uoPwPfoge4sUipUuIvUpYww=; b=VzDOdXIKOW0OaWkIpsR8S//Zf50UOVzYt5r9H0yRp7/ygIiiflAa6KfYnXMGrTO2Rl viVFlq76e5owXLONeOLa4SCp5zVjJMOGZtMx1x6VjlMJNfkTxJtkgnyUsieG16mkoA/1 s/dw6ivqb7rnOrV4T++a6vObTTu1PKRuk0cHUIOpsNZP7E1Oe4wHPOMZzIXk54/iU3Ms k7rAgMlqRJ1UwmkV3YllLEpHVE5xgBPkw5ziL7bMpFTPmxitlNGFo5fhUsMLUs4Fydwn QO2O+Xl4rOGuOAlIrgCEl4bWCKCZmbK03k8tPjKzB12NO9I9x4oDhNVnIi3hCf8QcYDL 4IKw==
X-Gm-Message-State: AOAM5306GxjzACBj4OniEOS8UaCEcr3vPPFYX9gbaXdMlNY4MM1ar7b+ 61cg6LVycqVuZ9f+BvPcDam8XKElECs8I59gI+aHU9ELE2gZ4HHl
X-Google-Smtp-Source: ABdhPJxjwPgDlWPb2CLf+S+Sl7O5g5bjP1GTjLVau22ozm0ANSINze0i1s7/KBWC98oIi1OE39eYsWH5yAKMptNo8a0=
X-Received: by 2002:a92:ad12:: with SMTP id w18mr1436782ilh.218.1599008000250; Tue, 01 Sep 2020 17:53:20 -0700 (PDT)
MIME-Version: 1.0
From: George Michaelson <ggm@algebras.org>
Date: Wed, 2 Sep 2020 10:53:09 +1000
Message-ID: <CAKr6gn2goVBjeGBi+a1RQSzgQPth65uP1VY8zfEsxy0EwZHF2A@mail.gmail.com>
To: SIDR Operations WG <sidrops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/HYi-8WoozbGO5TdFoHrQSH5mQQc>
Subject: [Sidrops] AS0 RPKI system deployed in production (Prop132)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2020 00:53:24 -0000

________________________________________________________________________

AS0 RPKI system deployed in production (Prop132)
________________________________________________________________________

The AS0 RPKI system previously in test has now been deployed to
production. This completes implementation of APNIC Policy Prop132
"RPKI ROAs for unallocated and unassigned APNIC address space"

 https://www.apnic.net/community/policy/proposals/prop-132


A new TAL is being used which can be fetched from:

 https://tal.apnic.net/apnic-as0.tal

Alternate forms of this TAL are also available and are documented at:


https://www.apnic.net/community/security/resource-certification/tal-archive/

Please replace any prior TAL configuration in your RPKI validation
systems. If you are not using this TAL consider adding it to get
notification of authenticated denial of unallocated resources in the
APNIC region.

A report on deployment will be presented at APNIC50. This service will
be discussed in the APNIC Routing SIG at the meeting, and subsequently
on the mailing list:

 https://www.apnic.net/community/participate/sigs/routing-sig/

A blog article describing the deployment methodology is available at:


https://blog.apnic.net/2020/09/02/policy-prop-132-as0-for-unallocated-space-deployed-in-service/

Caveats and warnings about the use of this AS0 ROA are documented at:

https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki/#caveatsandwarnings

________________________________________________________________________

APNIC Secretariat                                 secretariat@apnic.net
Asia Pacific Network Information Centre (APNIC)   Tel: +61 7 3858 3100
PO Box 3646 South Brisbane, QLD 4101 Australia    Fax: +61 7 3858 3199
6 Cordelia Street, South Brisbane, QLD            http://www.apnic.net
________________________________________________________________________