I concur.

Four out of five RIR Trust Anchor Locators were recently updated to allow 
fetching the Trust Anchor via an HTTPS URI, further removing the dependence on 
rsync. Sadly, most TALs are not clearly published anywhere and I had to get 
them through GitHub issues and emails to be able to include them in the latest 
Routinator release.

These are what we believe to be the correct, up-to-date RPKI TALs:

https://github.com/NLnetLabs/routinator/tree/master/tals

You can find more discussion about this topic here:

https://github.com/NICMx/FORT-validator/issues/34
https://github.com/RIPE-NCC/rpki-validator-3/pull/215

RPA grief aside, ARIN seems to be the only RIR that publishes the latest 
version of their TAL clearly and correctly:

https://www.arin.net/resources/manage/rpki/tal/

-Alex


> On 2 Aug 2020, at 20:52, Randy Bush <ra...@psg.com> wrote:
> 
> so i was trying to ensure i had a current set of TALs and was directed to
> 
>    https://www.ripe.net/manage-ips-and-asns/resource-management/certification/ripe-ncc-rpki-trust-anchor-structure
> 
> the supposed TAL at the bottom of the page is pretty creative.  anyone
> know what to do there?
> 
> i kinda hacked with emacs and get
> 
>    rsync://rpki.ripe.net/ta/ripe-ncc-ta.cerpublic.key.info
> 
>    
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1jQ6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83HwA26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0GZ0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eMkE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2VwIDAQAB
> 
> but kinda expected an rrdp uri too
> 
> and, to add insult to injury, the APNIC web page with their TAL
> 
>    https://www.apnic.net/community/security/resource-certification/
> 
> requires javascript!
> 
> not to mention the ARIN stupidity
> 
> as if we needed another exercise in bureaucrats making operations
> painful.  most operations of any size have internal departments
> perfectly capable of doing that.
> 
> randy
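
Added example, not part of either message above and not code from Routinator or any RIR: a minimal checker for the TAL layout of RFC 8630 (optional `#` comments, URI lines, a blank line, then the base64 subjectPublicKeyInfo), which is the shape the thread expects a published TAL to have. The host names and key bytes are constructed placeholders, and the `.cer` suffix check is a heuristic assumed here, not an RFC rule.

```python
import base64
import binascii
from urllib.parse import urlsplit

def parse_tal(text):
    """Parse an RFC 8630 style TAL; return (uris, spki_der, warnings)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    while lines and lines[0].startswith("#"):   # optional comment section
        lines.pop(0)
    if "" not in lines:
        raise ValueError("no blank line between URI section and key")
    split = lines.index("")
    uris = lines[:split]
    key_b64 = "".join(ln for ln in lines[split + 1:] if ln)
    if not uris:
        raise ValueError("empty URI section")
    warnings = []
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme not in ("rsync", "https") or not parts.netloc:
            raise ValueError(f"not an rsync/https URI: {uri!r}")
        if not parts.path.endswith(".cer"):      # heuristic, see lead-in
            warnings.append(f"URI does not end in .cer: {uri}")
    if not any(u.startswith("https://") for u in uris):
        warnings.append("no HTTPS URI: trust anchor is reachable via rsync only")
    try:
        der = base64.b64decode(key_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"key is not valid base64: {exc}") from None
    # subjectPublicKeyInfo is a DER SEQUENCE: tag 0x30, then a length that
    # must cover exactly the rest of the blob (catches copy/paste truncation).
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("key does not start with a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    if n > 4 or len(der) < 2 + n or (der[1] & 0x80 and n == 0):
        raise ValueError("unsupported or truncated DER length")
    body = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + body != len(der):
        raise ValueError("DER length field does not match key size")
    return uris, der, warnings

# Constructed sample: placeholder host and a dummy 294-byte blob with a
# correct DER header. It is NOT a real trust anchor key.
FAKE_SPKI = base64.b64encode(bytes([0x30, 0x82, 0x01, 0x22]) + bytes(0x122)).decode()

def make_tal(uris, key=FAKE_SPKI):
    return "# constructed example\n" + "\n".join(uris) + "\n\n" + key + "\n"
```

A TAL that passes this check is only well-formed; whether it is the RIR's current trust anchor still has to be confirmed against a source you trust.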
