
netsec-sig - [Security-WG] Call for RPKI expertise

Subject: Internet2 Network Security SIG



  • From: "Brock, Anthony" <>
  • To: "" <>
  • Subject: [Security-WG] Call for RPKI expertise
  • Date: Fri, 1 Jul 2016 21:55:15 +0000
  • Accept-language: en-US

All,

 

Is anyone interested in contributing their experiences with RPKI to the community?

 

Please respond to this thread or let Karl know if you're willing to provide guidance, stories or lessons learned. We would like to start pulling together information and resources before TechEx. Thanks!

 

Tony

 

 

From: [mailto:] On Behalf Of Karl Newell
Sent: Wednesday, June 01, 2016 3:45 PM
To:
Subject: [Security-WG] Global Summit RPKI session notes

 

Below are the notes from the RPKI session held at Global Summit two weeks ago.  

 

One action item is to form a group to start implementing RPKI.  Some community members have already embarked on this journey and we’ll look to them for guidance.  I figure we can use this list to communicate until there’s too much chatter and we can split off.  

 

I’ll send more emails as I figure out a framework for this project.  In the meantime, who’s interested in participating?  How much experience do you have with RPKI?

 

Cheers,

Karl

 

 

notes from RPKI

  develop document for CIO,CISO

    focuses on RPKI awareness and addressing ARIN policy concerns

    Steve Wallace, Andrew Gallo to lead?

 

  Russ Clark - share documentation on RPKI experiences

    Tested both ARIN and self-generated certs

    Do you still want to self sign certs?

    Cisco 6500 doesn’t support. ASR does support but few have ASRs

    If you have current RSA with them, ARIN won’t demand you do the click through.

 

  General discussion:

    ARIN needs agreements for legacy v4 space. Many university IPv4 blocks pre-date ARIN.

    Do schools need to bring ARIN agreements up to date?

    DNSSEC also requires ARIN agreement.

    Are there incidents to share where it would influence opinion?

    Lobby CIOs to make a statement

    For cloud services you should ask what the resource does – do they use RPKI?

 

    Stakeholders:

    -CIOs

    -CISOs

    -network engineers

     

    BGP hijacks – metrics on malicious vs fat finger?

     

    Focus on IPv6 because you had to have signed the RSA

 

  Action items:

    CIO/CISO document

      Steve Wallace, Andrew Gallo

    Form group to start implementing RPKI (Karl will put out a call to Security WG)

      separate email list if necessary

      two distinct projects

        create and sign ROA

          hosted vs delegated

        validate routes

 

 

--

Karl Newell

Cyberinfrastructure Security Engineer

Internet2

520-344-0459

 


