Skip to main content

You're viewing an archived page. It is no longer being updated.

RIPE 81

Thursday, 29 October 11:00 - 12:00 CET (UTC +1)
Chairs: Ignas Bagdonas, Job Snijders, Paul Hoogsteder
Scribe: Matt Parker
Status: Final

1. Welcome, Agenda, Other Formalities - WG Chairs

The presentation is available online:
https://ripe81.ripe.net/presentations/76-rtgwg-ripe81-201029-1322.pdf

The Working Group chairs opened the session, welcomed the attendees and explained the etiquette for submitting questions both during and after the presentations.  

Paul Hoogsteder confirmed that the minutes from RIPE 80 had been published and briefly introduced the two upcoming presentations. 

2. IRRd 4.1.0 - The Greatest IRRd Release So Far! - Job Snijders, NTT and Sasha Romijn, DashCare BV

The presentation is available online:
https://ripe81.ripe.net/presentations/59-IRRd-RIPE812.pdf

There were no questions.

3. The RPKI Resiliency Project - Nathalie Trenaman, RIPE NCC

The presentation is available online:
https://ripe81.ripe.net/presentations/18-Routing-WG-RIPE81-Nathalie.pdf

Robert Scheck, ETES GmbH, asked whether the RPKI Repository would be in the AWS cloud only or whether there would be a multi-vendor solution.

Nathalie responded that a single cloud provider will be used but that there would also be a local backup solution in case of catastrophic failure in the cloud infrastructure. 

Marco d'Itri, Seeweb, asked whether the RIPE NCC had considered adopting one of the standards currently used to audit the web PKI (i.e. WebTrust or ETSI) and if yes, why they were rejected. 

Nathalie confirmed that they had looked at two ETSI standards and at a WebTrust standard, she explained that although they encompass a lot of the desired elements they were not completely tailored to RPKI and the RIPE NCC therefore wanted to take a broader approach.  Nathalie added that they will however include some elements from the Web Trust model in the SOC 2 Type II framework. 

Herman Ramos, Inaglobe Education, commented that the RIRs have been implementing RPKI according to their understanding of the relevant RFCs, however not all aspects of the system are bound by formal standards.  Herman asked whether it would be easy for the RIRs to work together on this. 

Nathalie responded that the RIRs were already working together on this and had formed a body called the Engineering Coordination Group (ECG) which brings together the engineering teams from the RIRs.  They have regular meetings to discuss what they are doing, how they are doing it and what they can learn from each other.  Nathalie added that some of the participants of the ECG are also active in SIDROPS group (Secure InterDomain Routing Operations) in the IETF where the RPKI RFCs are being created. 

Rüdiger Volk asked when the community will hear about the RFC non-compliance part of the assessment performed by Radically Open Security. 

Nathalie explained that the report is essentially a security report and that there are some outstanding items that need to be fixed. They expect the work to be complete before the end of the year at which time, in the interests of transparency, they will disclose the full findings of the report including the part relating to RFC non-compliance. 

Robert Scheck commented that he really disliked the idea of AWS-only for regular RPKI repository operations instead of using multiple cloud providers in parallel.  Robert went on to ask whether a failure in the AWS cloud would result in a larger outage whilst failing over to a local backup solution. 

Nathalie commented that she did not know enough about the architecture to say whether a failover to another cloud provider would be any faster than a failover to a local backup solution, however if Robert wanted more information she would be happy to find out for him.  

Leo Vegoda, And Polus LLC / PeeringDB, asked whether the RPKI-specific version of the audit standard would be made freely available, or available at low cost, for use by others?  

Nathalie said the outcome, the SOC 3 report will be made available to the wider public, and the SOC2 type II framework would be available to other Trust Anchors (RIRs).

There were no further questions. 

4. Closing - WG Chairs

Paul thanked everybody for attending and asking good questions.  Paul closed the session and expressed the hope that he would see everybody on the Routing WG mailing lists.