[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Jean-Michel Combes jeanmichel.combes at gmail.com
Thu Sep 22 21:57:50 CEST 2011


2011/9/22 Geoff Huston <gih at apnic.net>:
> On 23/09/2011, at 5:30 AM, Arturo Servin wrote:
>
>>
>>       Not really.
>>
>>       It is getting worse.
>>
>>       In RPKI RIRs are issuing certificates to entities that have received resources (IPv4, IPv6 and ASNs) from them. Those entities will use those certificates to create other objects (called ROAs) that will be used by routers to perform origin validation in BGP.
>>
>>       It has to do nothing with SEND.
>>
>>       And there are several documents describing RPKI, not just one. See (basically the ones in the Editors Queue):
>>
>> http://tools.ietf.org/wg/sidr/
>>
>> Regards.
>> as
>>
>
> Actually, as far as I am aware the answer is yes, RPKI can be used to support EE certs issued to routers, or at least that was the intention back in 2009 when we were working on the RPKI and SEND documents in the IETF.
>

Yes, that was the main reason for draft-ietf-csi-send-cert submission
in CSI WG: to be compliant with RPKI specifications in SIDR WG.

Best regards.

JMC.

[snip]

>
>   Geoff
>
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>



More information about the Ipv6hackers mailing list