This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[routing-wg] RPKI Validator 3: disable fetching from certain repos?

Previous message (by thread): [routing-wg] RPKI Validator 3: disable fetching from certain repos?
Next message (by thread): [routing-wg] RPKI Validator 3: disable fetching from certain repos?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

George Michaelson ggm at algebras.org
Fri Oct 12 11:12:18 CEST 2018

There is a problem with the RRDP pub-point in TWNIC which we (APNIC)
are discussing with them. They did not appreciate at first that a 443
bound service would have to be publicly visible and wish to
re-architect things to move this to a place outside their firewall.

It doesn't appear logistically simple to disable the certificated
declaration right now, I think we might have an operations discussion
about timeouts and risks here.

Basically, "they know there is a publicly visible problem" and "they
are working on it"

-George
On Thu, Oct 11, 2018 at 11:15 PM nusenu <nusenu-lists at riseup.net> wrote:
>
>
>
> nusenu:
> > https://rpki.cnnic.cn/rrdp/notify.xml: java.util.concurrent.TimeoutException
> > https://rpkica.twnic.tw/rrdp/notify.xml: java.util.concurrent.TimeoutException
>
>
> are they generally unavailable or are they just answering to a limited set of source IPs?
> (depending on geolocation of the source IP)
>
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu
>

Previous message (by thread): [routing-wg] RPKI Validator 3: disable fetching from certain repos?
Next message (by thread): [routing-wg] RPKI Validator 3: disable fetching from certain repos?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ routing-wg Archives ]