home.social

#bgpsec — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #bgpsec, aggregated by home.social.

  1. also available in English:
    Adoption of RPKI/ROV security protocol progressing very quickly -- Next step is implementation of ASPA

    Although RPKI/ROV is being adopted very quickly, it's still early days for the other two RPKI-based protocols. Anyone now running RPKI with ROV will be able to take the next step to ASPA in the next few years. Where BGPsec is concerned, it's a question of waiting for the next generation of routing systems.

    #RPKI #ASPA #BGPsec #BGP #IPv6 #InternetSecurity

  2. op SIDN.nl:
    RPKI/ROV-beveiligingsprotocol maakt razendsnelle adoptie door -- Volgende stap is implementatie van ASPA
    sidn.nl/nieuws-en-blogs/rpki-r

    Waar RPKI/ROV een heel snelle adoptie heeft doorgemaakt, is het voor de andere twee RPKI-gebaseerde protocollen nog net te vroeg. Wie nu RPKI met ROV heeft draaien, zal een dezer jaren de vervolgstap naar ASPA kunnen maken. Voor BGPsec is het wachten op de volgende generatie routersystemen.

    #RPKI #ASPA #BGPsec #BGP #IPv6 #InternetSecurity

  3. As announced at #RIPE86, the RIPE NCC #RPKI Publication Service is now in production and proving quite popular. 167 CAs are now active, publishing 2100 ROAs, resulting in 3671 VRPs. It’s easy to set this up, and will allow you to sub-delegate resources, do #ASPA, as well as #BGPsec. blog.nlnetlabs.nl/running-kril

  4. Let’s kick off the #RIPE86 #BGP routing working group with some #RPKI numbers. In the global RPKI there are 149,606 ROAs resulting in 433,197 VRPs. Also, 3 #BGPsec router keys and 64 #ASPA objects out in the wild.

  5. Perfectly timed for all the discussions at , we’re proud to launch Krill 0.13. This release introduces production grade support in addition to . It also adds a full Trust Anchor support, enabling RIRs to run Krill as their root CA solution. github.com/NLnetLabs/krill/rel

  6. Nearly 20,000 certificates have been issued, and the RPKI publication service is in production. This means you have all the advantages of running Krill - including and support - and publish at the RIPE NCC.

  7. Our team will be available at as well:
    🛰️ Excited by our modular toolkit Rotonda? It's written in too, making it insanely fast while providing . Talk to @jasper, Luuk or Ximon about our imminent launch.
    🦐 Meanwhile, we’ve been cooking up support to compliment in Krill, our CA software. Tim can tell you all about it, along with our future plans.

  8. Krill 0.10.0 is now available, featuring support for #BGPSec Router Certificate Signing and the use of Hardware Security Modules (HSMs) for key operations. #RPKI github.com/NLnetLabs/krill/rel

  9. Now, Ignas Bagdonas benchmarks #BGPsec performance. On his lab setup, it is awfully slow.

    Interesting explanations about software optimisation. BGPsec uses SHA-2 (hard for memory, cool for the CPU) and ECDSA (the opposite): do them in parallel (but the BGPsec format of data does not make it easy).

    #RIPE84 #BGP

  10. The conclusion is pessimistic: #BGPsec is too expensive for the routers (layout of the data is not optimized, too many shuffles necessary).

    Interesting discussion about protocol design: should protocols take into account the specifics of today's machines (some machines, actually)? Protocols live longer than machines...

    #IETF

  11. Next, #BGPsec scalability: what if everyone (and his cat) started to use BGPsec? Are we all going to die? Can routers do SHA-2 (fast but touches memory) and P-256 (slow but does not touch memory) quickly enough?

    #IETF