Hi nusenu, First of all, my apologies that the issue you raised fell a bit through the cracks and it took so long to get resolved. We do see the importance to offer RIS dumps through HTTPS and to configure our RPKI validator to fetch the RIS dumps via HTTPS. At the moment the RIS team is working on making HTTPS available and as soon as this is done (they told me it will happen soon), we will make the change to the validator. Overall, we need a few more weeks for this, but we will reply here as well as soon as it is done. We will open the issue again and only close it when it is resolved. Thanks, Nathalie Trenaman Routing Security Programme Manager RIPE NCC
Op 12 feb. 2019, om 23:28 heeft nusenu <nusenu-lists@riseup.net> het volgende geschreven:
Hi,
back in September I opened an issue on github [1] about RPKI Validator 3 fetching RIS dumps via plain HTTP connections, two weeks ago the issue got closed.
First I was glad since I assumed the issue got closed because it is fixed but then I noticed that the issue still persists in rpki-validator-3.0-377 so I'm wondering why the issue got closed?
thanks, nusenu
[1] https://github.com/RIPE-NCC/rpki-validator-3/issues/50
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu