morrowc.lists at gmail.com
Fri Nov 23 21:48:14 UTC 2018
On Fri, Nov 23, 2018 at 2:31 PM Alex Band <alex at nlnetlabs.nl> wrote:
> Hi Jeff,
> While I can’t offer you a solution today, I’m happy to tell you we’ve
> recognised this particular use case and are working on a free, open source
> We're building a toolset that allows you to run a CA as a child of one or
> multiple RIRs transparently and publish using your own or a third party
> publication server. In addition, we’ll provide validation software.
> For the validation software we have running code that is already used in
> production in various places:
> With development ongoing, we’re still in the process of getting this fully
> funded as we’re a small non-profit. So far the RIPE NCC Community Projects
> Fund and Brazilian registry NIC.br are contributing to financing this
> project. Our goal to to provide something that is on par with our other
> projects, such as NSD and Unbound.
> Happy to keep you updated on the progress.
> Alex Band
> NLnet Labs
> > On 23 Nov 2018, at 18:51, Jeff McAdams <jeffm at iglou.com> wrote:
> > OK, I'm trying to do the responsible thing and further the progress and
> > deployment of RPKI. I feel like I have a pretty good handle on a path
> > forward for doing validation and routing-policy based on ROA validation.
hey thanks! :)
> > However, I also feel like I'm really banging my head against a wall
> > to set up publication of ROAs. $employer has IP space from several RIRs,
> > and enough space that there is a pretty strong desire to have our own
> > publication system for this, but I'm really struggling to find extant
> > software to do this.
I think there are 3 options:
ripe validator v2 (potentially v3?) -
rpki.net validator - https://github.com/dragonresearch/rpki.net
bbn rpstir - https://github.com/bgpsecurity/rpstir
> Are there people doing their own publication? Or is everyone just using
> > Hosted ARIN/RIPE/APNIC/etc. systems? My colleagues and I feel like
> > to manage and automate processes against multiple RIRs is not ideal, so
> > setting up a publication system that can use the Up-Down protocol, or
> > perhaps publish our own publication points, or whatever is the best way
> > handle this would be desired.
> > Can anyone point me to some facilitating resources on this? Software
> > packages that are reasonably current and maintained and not a total pain
> > to deploy?
> > --
> > Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG