<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">Le 01/10/2021 à 17:06,
<a class="moz-txt-link-abbreviated" href="mailto:marco@lamehost.it">marco@lamehost.it</a> a écrit :<br>
</div>
<blockquote type="cite"
cite="mid:60e7edb4a2c2f4d5c80a88a2c053392a24131af4.camel@lamehost.it">
<pre class="moz-quote-pre" wrap="">On Mon, 2021-09-20 at 00:28 +0200, job at fastly.com wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Dear all,
[ TL;DR: What does the working group think about supporting an
extension
to the RPKI Dashboard to enable publication of BGPsec certs?
]
At the moment the hosted "RPKI Dashboard" at
<a class="moz-txt-link-freetext" href="https://my.ripe.net/#/rpki">https://my.ripe.net/#/rpki</a>,
only permits Resource Holders to create RPKI objects of one specific
type: ROAs. However, a wider range of RPKI cryptographic product
types
also exists, for example: BGPsec Router Certificates [RFC 8209].
BGPsec is a RPKI-based technology which enables network operators to
transitively validate whether a given BGP UPDATE - indeed - passed
through the Autonomous Systems listed in the path. One way to think
of
BGPsec is as an ECDSA protected network of channels between a
receiving
EBGP node; and one (or many) routers in the BGP route's Origin AS.
I think BGPsec can be useful to protect "private peering" at large
scale, and another use case is to increase confidence in routing
information distributed via IXP Route/Blackhole Servers.
Right now, routing protocol researchers and network operators wishing
to
publish BGPsec Router Keys, also have to learn how to master
"Delegated
RPKI": a deployment model with a steep learning curve. I think there
are
benefits to the community if RIPE NCC appends an activity to the
"RPKI
Planning and Roadmap" to implement procedures to sign and publish
BGPsec
Router Keys via a PKCS#10 / PKCS#7 exchange, callable via both API
and
dashboard WebUI.
What do others think?
Kind regards,
Job
Relevant documentation:
<a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/html/rfc8209">https://datatracker.ietf.org/doc/html/rfc8209</a>
<a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/html/rfc8635">https://datatracker.ietf.org/doc/html/rfc8635</a>
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Hello,
I support the idea as it would enable network operators to explore the
benefits of BGPsec in production environment. And the effort sounds
small
</pre>
</blockquote>
Hello all,<br>
<br>
+1<br>
The effort to enable publication of BGPsec certs on the RPKI
dashboard seems reasonable as there is already an hosted RPKI and a
portal to manage ROAs.<br>
Having an hosted RPKI for BGPSec objects will help definitely
operators who do not have the resources to manage a PKI<br>
<br>
<blockquote type="cite"
cite="mid:60e7edb4a2c2f4d5c80a88a2c053392a24131af4.camel@lamehost.it">
<pre class="moz-quote-pre" wrap="">
Regards
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta charset="utf-8">
<hr style="background-color: #CCCCCC; height: 1px; border: 0;">
<table>
<tbody>
<tr>
<td rowspan="2">
<table style="background: none; border-width: 0px; border:
0px; margin: 0; padding: 0;" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td> <a href="https://franceix.net"
style="border-width:0px; border:0px;
text-decoration: none;" target="_blank"> <img
style="width: 140px; right: 140px;
padding-bottom:0;" id="preview-image-url"
src="https://www.franceix.net/media/cms_page_media/811/Logo-france-ix.png">
</a> </td>
</tr>
<tr>
<td> <a href="https://franceix.net"
style="border-width:0px; border:0px;
text-decoration: none;" target="_blank"> <img
style="width: 120px; right: 140px;
padding-bottom:0;" id="preview-image-url"
src="https://www.franceix.net/media/cms_page_media/811/logo-rezopole.png">
</a> </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td style="padding-left: 15px; border-left: solid 1px
#C6D0DC;">
<table style="background: none; border-width: 0px; border:
0px; margin: 0; padding: 0;" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td colspan="2" style="padding-bottom: 2px; color:
#292F36; font-size: 16px; font-family: Arial,
Helvetica, sans-serif;">Simon <strong>MUYAL</strong></td>
</tr>
<tr>
<td colspan="2" style="padding-bottom: 1px; color:
#FB4D3D; font-size: 13px; font-family: Arial,
Helvetica, sans-serif;" width="300"><strong>Directeur
Technique / Chief Technical Officer</strong></td>
</tr>
<tr>
<td><br>
</td>
</tr>
<tr>
<td style="padding-bottom: 1px; vertical-align: top;
width: 70px; color: #333333; font-size: 13px;
font-family: Arial, Helvetica, sans-serif;"
width="70" valign="top"><span style="color:
#292F36">Tel :</span><strong>+33 1 70 61 97 74</strong></td>
</tr>
<tr>
<td style="padding-bottom: 1px; vertical-align: top;
width: 151px; color: #333333; font-size: 13px;
font-family: Arial, Helvetica, sans-serif;"
width="151" valign="top"><span style="color:
#292F36">Site : </span><a
href="http://www.franceix.net"
style="padding-bottom: 1px; color: #333333;
text-decoration: none; font-weight: normal;
font-size: 13px;">www.franceix.net</a> </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="2"> <a
href="https://blog.franceix.net/france-ix-and-rezopole-become-one/"
target="_blank"> </a> <br>
</td>
</tr>
<tr>
<td> <a href="https://fr-fr.facebook.com/ixpfranceix/"
style="border-width:0px; border:0px; text-decoration:
none;" target="_blank"> <img style="border: none;
width: 25px; max-width: 25px !important; height: 25px;
max-height: 25px !important;"
src="https://franceix.net/media/pictos/downloads/facebook-logo-button.png"
width="25" height="25"></a> <a
href="https://twitter.com/ixpfranceix"
style="border-width:0px; border:0px; text-decoration:
none;" target="_blank"> <img style="border: none;
width: 25px; max-width: 25px !important; height: 25px;
max-height: 25px !important;"
src="https://franceix.net/media/pictos/downloads/twitter-logo-button.png"
width="25" height="25"></a> <a
href="https://www.linkedin.com/company/france-ix/?originalSubdomain=fr"
style="border-width:0px; border:0px; text-decoration:
none;" target="_blank"> <img style="border: none;
width: 25px; max-width: 25px !important; height: 25px;
max-height: 25px !important;"
src="https://franceix.net/media/pictos/downloads/linkedin-logo-button.png"
width="25" height="25"> </a> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>