Hi Ondrej,

On Tue, 20 Mar 2012, Ondrej Zajicek wrote:
do you also intend to implement prefix origin validation according to IETF/SIDR specs?
Maybe as a side note: We implemented the RTR protocol as a lightweight and very efficient C library, which allows exchanging validated ROAs between cache and router and performing origin validation.
We have beta ROA checking in GIT code and it will be a part of the next release, which will be in a few days. Currently, it is just a local part (ROA data structure and filters with the possibility to statically configure ROAs or add/remove them dynamically using birdc); integration with the RPKI / RTR exchange protocol is planned to be added later. I will probably embed or reuse your library.
Great! If you need any insights into the lib or if you have suggestions for improvements, please let me know! We are definitely open for collaboration.
BTW, if I remember correctly, the connection between router and RPKI cache is required to be SSH protected. How do you handle that in your library? Reuse an external SSH tool or library, or integrate all the cryptography?
SSH is not mandatory. We support SSH based on the libssh.

Cheers
  matthias

--
Matthias Waehlisch
.  Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
.  Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehlisch@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-hamburg.de .. http://www.link-lab.net