Hello the List, I would like to know if you heard some plans to add a feature on the RPKI Hosted system to automatically create RSPL objects when creating the ROA's I know that NTT IRR is already doing this. I think this feature could be useful in terms of management. Thanks [photo] Nicolas Breuer [https://s3.amazonaws.com/images.wisestamp.com/widgets/green_32.png] Be like me, be Carbon free - don't print this and save a tree
I would like to know if you heard some plans to add a feature on the RPKI Hosted system to automatically create RSPL objects when creating the ROA's
open source tools for this have been public for some years. also IRR servers. but why would you trust an IRR server, when you can run one of the tools, fetch RPKI data (which you can trust if you have well- configured trust anchors), and create your own, trustable, IRR hack? randy
Speaking on behalf of LACNIC, we will be rolling this feature for our member portal in the second half of the year. Also, I believe Job Snijders has been doing this for a while, at least for some RPKI repos. See: whois -h rr.whois.ntt.net 200.7.84.1 On 25 Apr 2019, at 15:35, Randy Bush wrote:
I would like to know if you heard some plans to add a feature on the RPKI Hosted system to automatically create RSPL objects when creating the ROA's
open source tools for this have been public for some years. also IRR servers. but why would you trust an IRR server, when you can run one of the tools, fetch RPKI data (which you can trust if you have well- configured trust anchors), and create your own, trustable, IRR hack?
randy
Speaking on behalf of LACNIC, we will be rolling this feature for our member portal in the second half of the year.
Also, I believe Job Snijders has been doing this for a while, at least for some RPKI repos.
See: whois -h rr.whois.ntt.net 200.7.84.1
and dragon has been doing it for many years. but DO NOT USE IT, or any of these, because
open source tools for this have been public for some years. also IRR servers. but why would you trust an IRR server, when you can run one of the tools, fetch RPKI data (which you can trust if you have well- configured trust anchors), and create your own, trustable, IRR hack?
randy
Hello, Yes but the question is why the RIPE cannot create automatic routes objects based on the ROA’s we host on the RIPE server’s :-) Many tier1’s only trust the Ripe database.
Le 25 avr. 2019 à 20:42, Carlos M. Martinez <carlosm3011@gmail.com> a écrit :
Speaking on behalf of LACNIC, we will be rolling this feature for our member portal in the second half of the year.
Also, I believe Job Snijders has been doing this for a while, at least for some RPKI repos.
See: whois -h rr.whois.ntt.net 200.7.84.1
On 25 Apr 2019, at 15:35, Randy Bush wrote:
I would like to know if you heard some plans to add a feature on the RPKI Hosted system to automatically create RSPL objects when creating the ROA's
open source tools for this have been public for some years. also IRR servers. but why would you trust an IRR server, when you can run one of the tools, fetch RPKI data (which you can trust if you have well- configured trust anchors), and create your own, trustable, IRR hack?
randy
Yes but the question is why the RIPE cannot create automatic routes objects based on the ROA’s we host on the RIPE server’s :-)
it is all about trust. IRR data are inherently not trustable; there is neither object security nor assured security that the file you are fetching is the file you think you are fetching. it's all about the threat modeling and trust modeling.
Many tier1’s only trust the Ripe database.
i suspect this is not true, but it's tangential and i'll let others comment on it. randy
participants (3)
-
Carlos M. Martinez
-
Nicolas Breuer
-
Randy Bush