[转] A proposal for a new RPKI validator: OpenBSD rpki-client

在OpenBSD环境下搭建各种服务器的相关讨论。

版主: lionux天地乾坤chenjun

回复
头像
acheng
锌 Zn
帖子: 576
注册时间: 2011-07-07 21:52

[转] A proposal for a new RPKI validator: OpenBSD rpki-client

帖子 acheng » 2019-01-10 13:13

Overview of the RPKI ecosystem
RPKI is a specialised public key infrastructure (PKI) framework designed to secure the Internet’s routing infrastructure. It uses X.509 PKI Certificates with extensions for IP Addresses and ASNs. For network operators, RPKI resource certificates offer verifiable proof of ownership of a resource’s allocation or assignment by a Regional Internet Registry (RIR). Network operators can create cryptographically verifiable statements (so-called “ROAs”) about the route announcements they authorise to be made for the prefixes they own. Only the legitimate holder of the IP prefix can create a RPKI ROA using their resource certificate. Other network operators can use RPKI Validator software to download and validate these ROAs. The resulting data set can be used for BGP route filtering.
https://medium.com/@jobsnijders/a-propo ... b74e7a3f65

回复

在线用户

正浏览此版面之用户: 没有注册用户 和 1 访客