#bgpsec — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #bgpsec, aggregated by home.social.
-
also available in English:
Adoption of RPKI/ROV security protocol progressing very quickly -- Next step is implementation of ASPAAlthough RPKI/ROV is being adopted very quickly, it's still early days for the other two RPKI-based protocols. Anyone now running RPKI with ROV will be able to take the next step to ASPA in the next few years. Where BGPsec is concerned, it's a question of waiting for the next generation of routing systems.
-
op SIDN.nl:
RPKI/ROV-beveiligingsprotocol maakt razendsnelle adoptie door -- Volgende stap is implementatie van ASPA
https://www.sidn.nl/nieuws-en-blogs/rpki-rov-beveiligingsprotocol-maakt-razendsnelle-adoptie-doorWaar RPKI/ROV een heel snelle adoptie heeft doorgemaakt, is het voor de andere twee RPKI-gebaseerde protocollen nog net te vroeg. Wie nu RPKI met ROV heeft draaien, zal een dezer jaren de vervolgstap naar ASPA kunnen maken. Voor BGPsec is het wachten op de volgende generatie routersystemen.
-
#FCC-Chefin will das #BorderGatewayProtocol absichern | Security https://www.heise.de/news/FCC-Chefin-will-das-Border-Gateway-Protocol-absichern-9721893.html #BGP #BGPsec
-
As announced at #RIPE86, the RIPE NCC #RPKI Publication Service is now in production and proving quite popular. 167 CAs are now active, publishing 2100 ROAs, resulting in 3671 VRPs. It’s easy to set this up, and will allow you to sub-delegate resources, do #ASPA, as well as #BGPsec. https://blog.nlnetlabs.nl/running-krill-under-ripe-ncc/
-
Perfectly timed for all the #RoutingSecurity discussions at #RIPE86, we’re proud to launch Krill 0.13. This release introduces production grade #ASPA support in addition to #BGPsec. It also adds a full #RPKI Trust Anchor support, enabling RIRs to run Krill as their root CA solution. https://github.com/NLnetLabs/krill/releases/tag/v0.13.0
-
Our #BGP #routing team will be available at #RIPE86 as well:
🛰️ Excited by our #OpenSource modular #BGP toolkit Rotonda? It's written in #rustlang too, making it insanely fast while providing #MemorySafety. Talk to @jasper, Luuk or Ximon about our imminent launch.
🦐 Meanwhile, we’ve been cooking up #ASPA support to compliment #BGPsec in Krill, our #RPKI CA software. Tim can tell you all about it, along with our future plans. -
Krill 0.10.0 is now available, featuring support for #BGPSec Router Certificate Signing and the use of Hardware Security Modules (HSMs) for key operations. #RPKI https://github.com/NLnetLabs/krill/releases/tag/v0.10.0
-
Now, Ignas Bagdonas benchmarks #BGPsec performance. On his lab setup, it is awfully slow.
Interesting explanations about software optimisation. BGPsec uses SHA-2 (hard for memory, cool for the CPU) and ECDSA (the opposite): do them in parallel (but the BGPsec format of data does not make it easy).
-
The conclusion is pessimistic: #BGPsec is too expensive for the routers (layout of the data is not optimized, too many shuffles necessary).
Interesting discussion about protocol design: should protocols take into account the specifics of today's machines (some machines, actually)? Protocols live longer than machines...
-
Next, #BGPsec scalability: what if everyone (and his cat) started to use BGPsec? Are we all going to die? Can routers do SHA-2 (fast but touches memory) and P-256 (slow but does not touch memory) quickly enough?