This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Penetration Test Report for RPKI
- Previous message (by thread): [routing-wg] Penetration Test Report for RPKI
- Next message (by thread): [routing-wg] Penetration Test Report for RPKI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at fastly.com
Tue Dec 21 23:57:27 CET 2021
On Tue, Dec 21, 2021 at 01:23:01PM -0800, Randy Bush wrote: > > We hope you will find these reports useful > > very much so. thank you. Yes, I'd like to echo what Randy says. Thanks for sharing this. > btw, re RIPE-009 - Unencrypted Communication > > in the up/down protocol, objects are cms wrapped and hence signed and > objct authenticated; i.e. i would not panic about transport cia. Indeed. But I can imagine that in a world where virtually all (originally HTTP-only yolo) APIs now have been migrated to HTTPS, any API which ** by design ** is HTTP-only, would indeed stand out to pentest researchers. I think it is good the testers noticed this aspect, and also good that RIPE NCC noted in the response "Up-down remains on HTTP and uses a CMS wrapper for authentication." The up/down protocol is somewhat similar in terms of security considerations to how one can transport signed RPKI data from Publication Point (repositories) to Relaying Party (validator instances). In that context too, the use of unencrypted transport (like RSYNC, or PIGEON) is deemed acceptable because the threat model is based on a robust interpretation of object-security** to such an extend that transport-security is inconsequential. > otoh, i suspect there could be a path to move your delegated CAs to > TLS; which might be conservative in the long run. Would you mind elaborating on what you mean with the phrase "might be conservative in the long run?". Kind regards, Job ** One crucial corner stone to the concept of 'RPKI object security' is a thing called "RPKI Manifests". Manifests are an elegant and very powerful idea in the X.509 universe: the ability to securely group objects together. All modern validators use manifests: make sure your validator is updated to the latest version! Read more about what Manifests are here: https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-6486bis-09 This doc is now going through IETF last-call.
- Previous message (by thread): [routing-wg] Penetration Test Report for RPKI
- Next message (by thread): [routing-wg] Penetration Test Report for RPKI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]