On Tue, Mar 20, 2012 at 07:23:19PM +0100, Matthias Waehlisch wrote:
Hi Mike,
do you also intend to implement prefix origin validation according to IETF/SIDR specs?
Maybe as a side note: We implemented the RTR protocol as a lightweight and very efficient C library, which allows exchanging validated ROAs between cache and router and performing origin validation.

We have beta ROA checking in the Git code, and it will be part of the next release, which will be in a few days. Currently, it is just a local part (ROA data structure and filters, with the possibility to statically configure ROAs or add/remove them dynamically using birdc); integration with the RPKI / RTR exchange protocol is planned to be added later. I will probably embed or reuse your library.

BTW, if I remember correctly, the connection between router and RPKI cache is required to be SSH protected. How do you handle that in your library? Reuse an external SSH tool, a library, or integrate all the cryptography?

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."