SlideShare a Scribd company logo

Validation of RPKI Objects Using a Local Cache

RIPE NCC
RIPE NCC

Presentation given by Tim Bruijnzeels at IETF 85 in Atlanta, GA, USA on 8 November 2012

Lifestyle
1 of 5
Download to read offline
Validation of RPKI objects using a local cache Thursday, November 8, 12
Problems with current • Very tight coupling to rsync – Need to process objects not on manifest – Vulnerable to updates happening during fetch • Prefix validate wants to know all ROAs • Implementations use URI as identifiers for objects – Multiple publication points complicated – Same for alternative fetch mechanisms Tim Bruijnzeels, IETF85 2 Thursday, November 8, 12
Decoupling object retrieval • Use SIA, AIA and CRLDP only for object discovery • Allows for other retrieval mechanisms – rsync – bittorrent – http with / without deltas – multiple publication points – other.. Tim Bruijnzeels, IETF85 3 Thursday, November 8, 12
Validation using ‘just objects’ find by: find by: Key Identifier hash TA Cert MFT EE CRL there can be SKI AKI AKI only one... TAL latest? CA1 Cert MFT EE signature ok? SKI AKI all objects? CA2 Cert MFT EE SKI AKI Tim Bruijnzeels, IETF85 4 Thursday, November 8, 12
Differences from current RFCs • Strict interpretation of current repository standards – Some clarification for CAs might be useful: MUST 1 mft, 1 crl, all objects that need to be known • Manifests authoritative source for walking the tree – Ignores objects that the CA does not put on mft – May be strict if objects are missing, e.g. go with last known good state if available • SIA, AIA and CRLDP only for discovery Tim Bruijnzeels, IETF85 5 Thursday, November 8, 12

Recommended

RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikovRIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful ToolRIPE NCC
 
IPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceIPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceRIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasRIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 

Recommended

RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikovRIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful ToolRIPE NCC
 
IPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceIPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceRIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasRIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 
Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in TechRIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfRIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISRIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopRIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfRIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfRIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsRIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing SecurityRIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfRIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasRIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasRIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet InfrastructureRIPE NCC
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenRIPE NCC
 
Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...
Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...
Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service Available
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service AvailableCall Girls Udaipur Just Call 9602870969 Top Class Call Girl Service Available
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service AvailableApsara Of India
 

More Related Content

More from RIPE NCC

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in TechRIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfRIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISRIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopRIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfRIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfRIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsRIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing SecurityRIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfRIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasRIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasRIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet InfrastructureRIPE NCC
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenRIPE NCC
 

More from RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Recently uploaded

Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service Available
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service AvailableCall Girls Udaipur Just Call 9602870969 Top Class Call Girl Service Available
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service AvailableApsara Of India
 
UDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICE
UDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICEUDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICE
UDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICEApsara Of India
 
Call Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat Escorts
Call Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat EscortsCall Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat Escorts
Call Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat EscortsApsara Of India
 
Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.soniya singh
 
VIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call Girls
VIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call GirlsVIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call Girls
VIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call GirlsApsara Of India
 
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -Pooja Nehwal
 
Call Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in DelhiCall Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in DelhiRaviSingh594208
 
Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️
Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️
Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️soniya singh
 
Top 10 Makeup Brands in India for women
Top 10 Makeup Brands in India for womenTop 10 Makeup Brands in India for women
Top 10 Makeup Brands in India for womenAkshitaBhatt19
 
💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort Service
💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort Service💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort Service
💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort ServiceApsara Of India
 
AliExpress Clothing Brand Media Planning
AliExpress Clothing Brand Media PlanningAliExpress Clothing Brand Media Planning
AliExpress Clothing Brand Media Planningjen_giacalone
 
Call Girls In Karol Bagh__ 8448079011 Escort Service in Delhi
Call Girls In Karol Bagh__ 8448079011 Escort Service in DelhiCall Girls In Karol Bagh__ 8448079011 Escort Service in Delhi
Call Girls In Karol Bagh__ 8448079011 Escort Service in DelhiRaviSingh594208
 
"Maximizing your savings:The power of financial planning".pptx
"Maximizing your savings:The power of financial planning".pptx"Maximizing your savings:The power of financial planning".pptx
"Maximizing your savings:The power of financial planning".pptxsadiisadiimano
 
Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=
Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=
Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=kojalkojal131
 
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort ServiceAll Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort ServiceApsara Of India
 
Hi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura Bhopalpura
Hi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura BhopalpuraHi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura Bhopalpura
Hi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura BhopalpuraApsara Of India
 
❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...
❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...
❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...Apsara Of India
 

Recently uploaded (20)

Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...
Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...
Private : +91 9999965857 Affairs: Paschim Vihar Call Girls {{ Monika}} Delh...
 
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service Available
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service AvailableCall Girls Udaipur Just Call 9602870969 Top Class Call Girl Service Available
Call Girls Udaipur Just Call 9602870969 Top Class Call Girl Service Available
 
UDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICE
UDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICEUDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICE
UDAIPUR CALL GIRLS 96O287O969 CALL GIRL IN UDAIPUR ESCORT SERVICE
 
Call Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat Escorts
Call Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat EscortsCall Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat Escorts
Call Girls In Panipat 08860008073 ✨Top Call Girl Service Panipat Escorts
 
Russian Call Girls Rohini Sector 25 💓 Delhi 9999965857 @Sabina Modi VVIP MODE...
Russian Call Girls Rohini Sector 25 💓 Delhi 9999965857 @Sabina Modi VVIP MODE...Russian Call Girls Rohini Sector 25 💓 Delhi 9999965857 @Sabina Modi VVIP MODE...
Russian Call Girls Rohini Sector 25 💓 Delhi 9999965857 @Sabina Modi VVIP MODE...
 
Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Govindpuri Escort Service Delhi N.C.R.
 
VIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call Girls
VIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call GirlsVIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call Girls
VIP 💞🌷Call Girls In Karnal 08168329307 Escorts Service Nilokheri Call Girls
 
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
Mumbai Call Girls Malad West WhatsApp 9892124323 Full Night Enjoy -
 
Call Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in DelhiCall Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
Call Girls in Sarita Vihar__ 8448079011 Escort Service in Delhi
 
Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️
Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️
Call Girls in mahipalpur Delhi 8264348440 ✅ call girls ❤️
 
Top 10 Makeup Brands in India for women
Top 10 Makeup Brands in India for womenTop 10 Makeup Brands in India for women
Top 10 Makeup Brands in India for women
 
💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort Service
💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort Service💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort Service
💕COD Call Girls In Kurukshetra 08168329307 Pehowa Escort Service
 
AliExpress Clothing Brand Media Planning
AliExpress Clothing Brand Media PlanningAliExpress Clothing Brand Media Planning
AliExpress Clothing Brand Media Planning
 
Call Girls In Karol Bagh__ 8448079011 Escort Service in Delhi
Call Girls In Karol Bagh__ 8448079011 Escort Service in DelhiCall Girls In Karol Bagh__ 8448079011 Escort Service in Delhi
Call Girls In Karol Bagh__ 8448079011 Escort Service in Delhi
 
"Maximizing your savings:The power of financial planning".pptx
"Maximizing your savings:The power of financial planning".pptx"Maximizing your savings:The power of financial planning".pptx
"Maximizing your savings:The power of financial planning".pptx
 
Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=
Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=
Dubai Call Girls Phone O525547819 Take+ Call Girls Dubai=
 
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort ServiceAll Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
All Hotel Karnal Call Girls 08168329307 Noor Mahal Karnal Escort Service
 
Rohini Sector 24 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 24 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 24 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 24 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Hi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura Bhopalpura
Hi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura BhopalpuraHi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura Bhopalpura
Hi Profile Escorts In Udaipur 09602870969 Call Girls in Sobaghpura Bhopalpura
 
❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...
❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...
❤️Call Girls In Chandigarh 08168329307 Dera Bassi Zirakpur Panchkula Escort S...
 

Validation of RPKI Objects Using a Local Cache

  • 1. Validation of RPKI objects using a local cache Thursday, November 8, 12
  • 2. Problems with current • Very tight coupling to rsync – Need to process objects not on manifest – Vulnerable to updates happening during fetch • Prefix validate wants to know all ROAs • Implementations use URI as identifiers for objects – Multiple publication points complicated – Same for alternative fetch mechanisms Tim Bruijnzeels, IETF85 2 Thursday, November 8, 12
  • 3. Decoupling object retrieval • Use SIA, AIA and CRLDP only for object discovery • Allows for other retrieval mechanisms – rsync – bittorrent – http with / without deltas – multiple publication points – other.. Tim Bruijnzeels, IETF85 3 Thursday, November 8, 12
  • 4. Validation using ‘just objects’ find by: find by: Key Identifier hash TA Cert MFT EE CRL there can be SKI AKI AKI only one... TAL latest? CA1 Cert MFT EE signature ok? SKI AKI all objects? CA2 Cert MFT EE SKI AKI Tim Bruijnzeels, IETF85 4 Thursday, November 8, 12
  • 5. Differences from current RFCs • Strict interpretation of current repository standards – Some clarification for CAs might be useful: MUST 1 mft, 1 crl, all objects that need to be known • Manifests authoritative source for walking the tree – Ignores objects that the CA does not put on mft – May be strict if objects are missing, e.g. go with last known good state if available • SIA, AIA and CRLDP only for discovery Tim Bruijnzeels, IETF85 5 Thursday, November 8, 12