Hi Terry, On 5/18/10 7:34 AM, Terry Manderson wrote: > > Are there any software releases that implement the compound trust anchor > given that the idea has been in document play (and presumably adopted as the > direction in the WG) since august '09? > > If so, please email URLs.
We have a 'work-in-progress' implementation here: rsync://certrepo.ripe.net/certeta/CN=ETA,O=RIPE%20NCC,C=NL.cer It is not following spec currently: - we have multiple RTACMS objects - we have a manifest - we use the 'RTA' as the production certificate for the test RPKI We plan to revise this over the next month or so and do a new release that should be in line with the current draft: - One RTACMS object - True compound, have the RTA part sign our production cert - No more manifest .. and possibly other modifications in case we missed something -- we plan to double check this ourselves of course, but your feedback is welcome. Our validator also handles our current, off-spec, implementation of the compound trust anchor, but is currently only available to members that participate in our test programme. We plan to make this validator available to a wider public as well (and update its compound TA handling). If people on this list are interested I can make sure we send a ping to this list when it's available. Cheers, Tim Senior Software Developer RIPE NCC _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr