- Agenda bashing
Rudigher needs more time
- Sandy has questions for router-keying
- Erica's presentation
30% of prefixes validated/70% not found
Prefixes are validated on Cisco Routers/Waiting on Timos
328 professional traiined
1150 Signed prefixes since first training
Report:
Nap Colombia:
50% not found
46% valid
5 % invalid
Redclara:
93% not found
5.3% valid
1 % not valid
Matthias:
Origin Val at IXPs.
Legacy RS
757 v4 peers, 614 v6 peers
opt out filtering
Falcon RS (Amsix)
201 v4 and 160 v6
opt in filtering
Lyonnix: 116 peers filtering
10% prefixes invalid
Problem statement and Considerations for ROA
July 4, 2017
Roas 7166, number of ROAS single prefix: 3307, multiple prefixes 3800+
37367 prefixes in 3859 ROAS. (Averate prefixes 9.68)
misconfiguration of ROAs with multiple prefixes a lot more dangerous and seroups issues
Frequent update of ROA leads to multiple bgp updates.
Extending RFC 8208
Get Reserved space for documentation and experimentation only for testing purpose.
Status on Signed Tal
draft adopted as a wg dock.
covers: RPKI Signed object containing TAL, Signal changing URIs and Signal planned key rolls
Should we cover pre-provisioning of new key n case access to current key is lost?
Open Mike:
BGPSec for Sidrops
missing relevant communications for folks involved in operating RPKI?
Specific point: very limited communication where all CAs are publishing 0/0?
very sparse communication...
Randy: Shares the concern... not too optimistics about RIR
RIR didnt have 0/0 trust anchor so they publish one? Chris asked.. and Randy says its correct.
problem is lack of discussion and lack of forum...
Maybe we need some more monitoring and management stuff. Maybe we should write down and document if this is good or bad for.
question of telling about how resources and details for CA operations are done has been raised for number of years and have not been answered. and it doesnt look good.
maybe a point here is to ask RIR to see if they can do better communications.