分页: 1 / 1

[转] A proposal for a new RPKI validator: OpenBSD rpki-client

发表于 : 2019-01-10 13:13
acheng
Overview of the RPKI ecosystem
RPKI is a specialised public key infrastructure (PKI) framework designed to secure the Internet’s routing infrastructure. It uses X.509 PKI Certificates with extensions for IP Addresses and ASNs. For network operators, RPKI resource certificates offer verifiable proof of ownership of a resource’s allocation or assignment by a Regional Internet Registry (RIR). Network operators can create cryptographically verifiable statements (so-called “ROAs”) about the route announcements they authorise to be made for the prefixes they own. Only the legitimate holder of the IP prefix can create a RPKI ROA using their resource certificate. Other network operators can use RPKI Validator software to download and validate these ROAs. The resulting data set can be used for BGP route filtering.
https://medium.com/@jobsnijders/a-propo ... b74e7a3f65