eless for RTR,
as well. Thus, I would stick to SSH (or something else that is
well-deployed and not obsoleted).
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http
oard and does not cause much userspace / userspace transport
> weirdness since both for linux and BSD its implemented in the kernel.
>
could you give a reference to both, Linux and BSD, TCP-AO
implementations?
Thanks
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst.
oals,
which is not out-dated, implemented, and beyond the current suggestions.
Best regards
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http:
LID".
Thanks
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-hamburg.de .. http://www.link-lab.net
__
On Fri, 5 Aug 2011, Randy Bush wrote:
> i would request the wg adopt
>
> draft-ymbk-bgp-origin-validation-mib
> draft-ymbk-rpki-rtr-protocol-mib
>
I support the adoption, as well.
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Inf
-ServerImplementation
It currently runs rtr-origin but as soon as NCC Validation tool is
released we will also set such a cache server up.
Using both, rpki01.fra2.de.euro-transit.net and rpki.realmv6.org,
allows to test failover.
Overall, nice playground!
Cheers
matthias
--
Matthias Waehlisch
e ROA origin AS and the origin AS within the BGP
update.
Thanks
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cp
of the cases. Coming
back to your question: Yes, most of the announcements are invalid
probably due to the violation of the BCP but I will try to verify in
more detail.
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195
t
> offenders" in this case.
>
regarding the first sentence: Have you verified by discussions with
operators?
Thanks
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. ht
some RIRs are willing to support the idea and to do some
> cross monitoring (but just speaking for myself).
>
we already run Rob's validator and RIPE NCC Validator (located in
Germany, connected via German NREN); BBN for testing purposes. We are
open to activate performance stats.
Hi Alexey,
I read the document and have no objections.
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw
on is based on the RTRlib. If you like it, let me know
;).
See you in Orlando
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also:
On Thu, 28 Feb 2013, Randy Bush wrote:
> how do i specify my TAL set?
>
future work ;) ... actually, I would more see the question: "how to
specify my cache server". Is this of interest?
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer In
plugin using whois to do this, then you can also do it in one query:
>
> Easy to parse:
>
> whois -h whois.bgpmon.net " -m 200.3.12.0/22"
>
true, but we also looked for a funny application for our RTRlib, which
is doing prefix validation in the background.
Cheers
page it just
> retrieved, are you using the Team Cymru service to map IP to AS?
> (http://www.team-cymru.org/Services/ip-to-asn.html)
>
yes, for the IP to prefix mapping we are using the Team Cymru service.
Hope to come up with a more configurable version before IETF.
Cheers
matthia
Hi Carlos,
this should be fixed now. There was a problem with the RTR cache and
validating LACNIC data.
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http
th origin AS 20 is invalid.
Can you clarify?
Thanks
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-ham
quot;. However, it is directly related to the configuration of the
signed object; on the other hand, it harms the RP system.
Does the classification reflects (a) which part of the system is
harmed, (b) which part is used to introduce problems, or (c) a mixture?
I think a clearer separation would be
short-lived prefix cert/ROA approach, which
> generates undesirable churn.
>
> Sriram
>
>
>
>
> ___
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/
on data
structures. We started some analysis on this but didn't finish.
My main point was that "such events occur rarely" under normal
conditions. But any owner of a prefix is free to create/update/delete
ROAs on much smaller time scale. Or did you mean the (configured) cache
u
hat the routers needs to inspect the AS Numbers field per entry
anyway.
What is the meaning of the order?
Thanks
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. h
ter?
> Given that the rpki-rtr protocol requires duplicate elimination, we do
> need to perform such comparisons, so making them as simple as possible
> seems advisable.
>
I suppose this requires an update of the duplicate description
(similar text of Section 5.6 in Section 5.10, and u
Sorry for the late reply ...
On Sun, 9 Mar 2014, Rob Austein wrote:
> > What happens if the ASNs are not in order (for some strange bug
> > reason)? It wouldn't harm the router?
>
> Point. So maybe caches MUST generate the canonical format but routers
> MAY skip checking to see whether the
results to
the list.
Fell free to contact me offlist in case of further questions or
comments.
Many thanks!
matthias
(on behalf of the team)
[This email has also been sent to RIPE and NANOG folks.]
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Tak
ymous and should not take more than 5 minutes to
commplete.
Thanks
matthias
On Fri, 19 Sep 2014, Matthias Waehlisch wrote:
> Folks,
>
> we, a group of researchers, try to better understand the deployment of
> RPKI and DNSSEC. It's not always easy to find technical reasons
Just to be precise, it's RFC 6916 (BCP 182).
RFC 6912 is about "Principles for Unicode Code Point Inclusion in
Labels in the DNS" - differnet topic ;).
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195
asking for input at a very early stage. Please let me know which
features you would like to see in such kind of tool.
Some more details are described here
https://labs.ripe.net/Members/waehlisch/call-for-input-rpki-browser
Thanks
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin
NCC operations, but it doesn’t show the
> ROA for 84.205.80.0/24.
>
OK.
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Al
I support adoption and will provide feedback.
Cheers
matthias
--
Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-hamburg.de
; Best regards,
> Thomas
> ___
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
>
--
Dr. Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin,
> 3) current/appropriate configuration
>
Same with RTR cache erver.
Cheers
matthias
--
Dr. Matthias Waehlisch
. Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
. Takustr. 9, D-14195 Berlin, Germany
.. mailto:m.waehli...@fu-berlin.de .. h
nd that they will re-read it quickly, provide comments
> >> as appropriate and ideas on preparedness for publication or not.
> >>
> >>
> >> Thanks for you time and attention to this matter,
> >>
> >> -Chris
> >> co-chair-persona
> >&
Hi Randy,
one more: Can you please replace "Invalid" by "Not Valid", because
this is the notation defined in draft-ietf-sidr-bgpsec-protocol-17.
Thanks
matthias
On Thu, 16 Jun 2016, Matthias Waehlisch wrote:
> Hi,
>
> I read v09. No objections only
Thanks! No further comments from my side. Looing forward to publication.
Cheers
matthias
On Fri, 24 Jun 2016, Randy Bush wrote:
> > I read v09. No objections only minor comments:
>
> i hacked in many of these changes, though i think most did not really
> change anything other than an alter
Hi Steve,
On Wed, 27 Jul 2016, Stephen Kent wrote:
> Tim offered no suggestion for a different term, which is not helpful.
>
the suggestion was "unwanted".
I just had a brief look into "Internet Security Glossary, Version 2"
(https://tools.ietf.org/html/rfc4949), "corrupted" could be an
a
35 matches
Mail list logo
