[Sidrops] AS0 RPKI system deployed in production (Prop132)
George Michaelson <ggm@algebras.org> Wed, 02 September 2020 00:53 UTC
Return-Path: <ggm@algebras.org>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A489B3A08E5 for <sidrops@ietfa.amsl.com>; Tue, 1 Sep 2020 17:53:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=algebras-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xlL51vvc2Aeu for <sidrops@ietfa.amsl.com>; Tue, 1 Sep 2020 17:53:21 -0700 (PDT)
Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C27F3A08DB for <sidrops@ietf.org>; Tue, 1 Sep 2020 17:53:21 -0700 (PDT)
Received: by mail-il1-x133.google.com with SMTP id q14so3532690ilm.2 for <sidrops@ietf.org>; Tue, 01 Sep 2020 17:53:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=algebras-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=/bIH3CIvwPZrxk5PtTG/uoPwPfoge4sUipUuIvUpYww=; b=ib5OflXvUKM/Oc+pzw794i00m/AEG/ISbgcxIhRH0TQX9ra5a3/JLckbuglHzyi4FH uJ6QYlFWI6oQlZpucrsPzqjY6tnllEwGZMGaoUPAo/WtflQ4S2/lJZkdh17ihbrsv7vz pQqtlhQcNsp3W5XFNBgJ/GFRnJXO8zjvF23cpWG7bkC8DzkcytA4si4gs092iH3GPKWx /roSzoiZn7MUGoxiEbrKEUTB6KF2UEiUAGCpBmhwHdM5oSigxbNo9k5c9QXMaiv+JXht OLnX3dNsrkg8CIRBy7aG8SNVfVKkIklYiHIQnnTaVP6rRp6gbGZegToHEiyEHF6gO5v+ 14dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=/bIH3CIvwPZrxk5PtTG/uoPwPfoge4sUipUuIvUpYww=; b=VzDOdXIKOW0OaWkIpsR8S//Zf50UOVzYt5r9H0yRp7/ygIiiflAa6KfYnXMGrTO2Rl viVFlq76e5owXLONeOLa4SCp5zVjJMOGZtMx1x6VjlMJNfkTxJtkgnyUsieG16mkoA/1 s/dw6ivqb7rnOrV4T++a6vObTTu1PKRuk0cHUIOpsNZP7E1Oe4wHPOMZzIXk54/iU3Ms k7rAgMlqRJ1UwmkV3YllLEpHVE5xgBPkw5ziL7bMpFTPmxitlNGFo5fhUsMLUs4Fydwn QO2O+Xl4rOGuOAlIrgCEl4bWCKCZmbK03k8tPjKzB12NO9I9x4oDhNVnIi3hCf8QcYDL 4IKw==
X-Gm-Message-State: AOAM5306GxjzACBj4OniEOS8UaCEcr3vPPFYX9gbaXdMlNY4MM1ar7b+ 61cg6LVycqVuZ9f+BvPcDam8XKElECs8I59gI+aHU9ELE2gZ4HHl
X-Google-Smtp-Source: ABdhPJxjwPgDlWPb2CLf+S+Sl7O5g5bjP1GTjLVau22ozm0ANSINze0i1s7/KBWC98oIi1OE39eYsWH5yAKMptNo8a0=
X-Received: by 2002:a92:ad12:: with SMTP id w18mr1436782ilh.218.1599008000250; Tue, 01 Sep 2020 17:53:20 -0700 (PDT)
MIME-Version: 1.0
From: George Michaelson <ggm@algebras.org>
Date: Wed, 02 Sep 2020 10:53:09 +1000
Message-ID: <CAKr6gn2goVBjeGBi+a1RQSzgQPth65uP1VY8zfEsxy0EwZHF2A@mail.gmail.com>
To: SIDR Operations WG <sidrops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/HYi-8WoozbGO5TdFoHrQSH5mQQc>
Subject: [Sidrops] AS0 RPKI system deployed in production (Prop132)
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2020 00:53:24 -0000
________________________________________________________________________ AS0 RPKI system deployed in production (Prop132) ________________________________________________________________________ The AS0 RPKI system previously in test has now been deployed to production. This completes implementation of APNIC Policy Prop132 "RPKI ROAs for unallocated and unassigned APNIC address space" https://www.apnic.net/community/policy/proposals/prop-132 A new TAL is being used which can be fetched from: https://tal.apnic.net/apnic-as0.tal Alternate forms of this TAL are also available and are documented at: https://www.apnic.net/community/security/resource-certification/tal-archive/ Please replace any prior TAL configuration in your RPKI validation systems. If you are not using this TAL consider adding it to get notification of authenticated denial of unallocated resources in the APNIC region. A report on deployment will be presented at APNIC50. This service will be discussed in the APNIC Routing SIG at the meeting, and subsequently on the mailing list: https://www.apnic.net/community/participate/sigs/routing-sig/ A blog article describing the deployment methodology is available at: https://blog.apnic.net/2020/09/02/policy-prop-132-as0-for-unallocated-space-deployed-in-service/ Caveats and warnings about the use of this AS0 ROA are documented at: https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki/#caveatsandwarnings ________________________________________________________________________ APNIC Secretariat secretariat@apnic.net Asia Pacific Network Information Centre (APNIC) Tel: +61 7 3858 3100 PO Box 3646 South Brisbane, QLD 4101 Australia Fax: +61 7 3858 3199 6 Cordelia Street, South Brisbane, QLD http://www.apnic.net ________________________________________________________________________