SlideShare a Scribd company logo

Validation of RPKI Objects Using a Local Cache

RIPE NCC
RIPE NCC

Presentation given by Tim Bruijnzeels at IETF 85 in Atlanta, GA, USA on 8 November 2012

Lifestyle
1 of 5
Download to read offline
Validation of RPKI objects using a local cache Thursday, November 8, 12
Problems with current • Very tight coupling to rsync – Need to process objects not on manifest – Vulnerable to updates happening during fetch • Prefix validate wants to know all ROAs • Implementations use URI as identifiers for objects – Multiple publication points complicated – Same for alternative fetch mechanisms Tim Bruijnzeels, IETF85 2 Thursday, November 8, 12
Decoupling object retrieval • Use SIA, AIA and CRLDP only for object discovery • Allows for other retrieval mechanisms – rsync – bittorrent – http with / without deltas – multiple publication points – other.. Tim Bruijnzeels, IETF85 3 Thursday, November 8, 12
Validation using ‘just objects’ find by: find by: Key Identifier hash TA Cert MFT EE CRL there can be SKI AKI AKI only one... TAL latest? CA1 Cert MFT EE signature ok? SKI AKI all objects? CA2 Cert MFT EE SKI AKI Tim Bruijnzeels, IETF85 4 Thursday, November 8, 12
Differences from current RFCs • Strict interpretation of current repository standards – Some clarification for CAs might be useful: MUST 1 mft, 1 crl, all objects that need to be known • Manifests authoritative source for walking the tree – Ignores objects that the CA does not put on mft – May be strict if objects are missing, e.g. go with last known good state if available • SIA, AIA and CRLDP only for discovery Tim Bruijnzeels, IETF85 5 Thursday, November 8, 12

Recommended

RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikovRIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful ToolRIPE NCC
 
IPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceIPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceRIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasRIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 

Recommended

RIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC Regional Outreach/IANA Oversight Transition
RIPE NCC Regional Outreach/IANA Oversight TransitionRIPE NCC
 
140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikov140909 enog 8 - internet governance update - maxim burtikov
140909 enog 8 - internet governance update - maxim burtikovRIPE NCC
 
Policy Making: A Powerful Tool
Policy Making: A Powerful ToolPolicy Making: A Powerful Tool
Policy Making: A Powerful ToolRIPE NCC
 
IPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceIPv4 Hijacking: Our Experience
IPv4 Hijacking: Our ExperienceRIPE NCC
 
RPKI Certification Tutorial
RPKI Certification TutorialRPKI Certification Tutorial
RPKI Certification TutorialRIPE NCC
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6RIPE NCC
 
Are Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasAre Dutch Internet Paths Local - A Measurement Study Using RIPE Atlas
Are Dutch Internet Paths Local - A Measurement Study Using RIPE AtlasRIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 
Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in TechRIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfRIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISRIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopRIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfRIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfRIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsRIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing SecurityRIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfRIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasRIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasRIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet InfrastructureRIPE NCC
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenRIPE NCC
 
Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkur
Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime TumkurTumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkur
Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkurmeghakumariji156
 
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...Pooja Nehwal
 

More Related Content

More from RIPE NCC

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in TechRIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfRIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISRIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopRIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfRIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfRIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsRIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing SecurityRIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfRIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasRIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasRIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet InfrastructureRIPE NCC
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenRIPE NCC
 

More from RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Recently uploaded

Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkur
Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime TumkurTumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkur
Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkurmeghakumariji156
 
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...Pooja Nehwal
 
9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...
9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...
9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...Pooja Nehwal
 
9867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x7
9867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x79867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x7
9867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x7Pooja Nehwal
 
Top 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon BiotechTop 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon BiotechStelon Biotech
 
Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...
Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...
Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...Nitya salvi
 
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...Pooja Nehwal
 
Style Victorious Cute Outfits for Winners
Style Victorious Cute Outfits for WinnersStyle Victorious Cute Outfits for Winners
Style Victorious Cute Outfits for Winnersolva0212
 
Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...
Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...
Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...Sheetaleventcompany
 
The Clean Living Project Episode 17 - Blue Zones
The Clean Living Project Episode 17 - Blue ZonesThe Clean Living Project Episode 17 - Blue Zones
The Clean Living Project Episode 17 - Blue ZonesThe Clean Living Project
 
Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...
Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...
Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...Sheetaleventcompany
 
Payal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace Colaba
Payal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace ColabaPayal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace Colaba
Payal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace ColabaPooja Nehwal
 
Lesotho history, Basotho languages, Basotho mode of transport
Lesotho history, Basotho languages, Basotho mode of transportLesotho history, Basotho languages, Basotho mode of transport
Lesotho history, Basotho languages, Basotho mode of transporttobatsitlotliso004
 
Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...
Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...
Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...Nitya salvi
 
Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...
Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...
Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...rajveerescorts2022
 
Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...
Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...
Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...minkseocompany
 
gatiin-namaa-meeqa .pdf
gatiin-namaa-meeqa .pdfgatiin-namaa-meeqa .pdf
gatiin-namaa-meeqa .pdfDesalechali1
 
Ladies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdfLadies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdfShort Good Quotes
 
UNIVERSAL HUMAN VALUES -Harmony in the Human Being
UNIVERSAL HUMAN VALUES -Harmony in the Human BeingUNIVERSAL HUMAN VALUES -Harmony in the Human Being
UNIVERSAL HUMAN VALUES -Harmony in the Human BeingChandrakantDivate1
 
Tirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tirunelveli
Tirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime TirunelveliTirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tirunelveli
Tirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tirunelvelimeghakumariji156
 

Recently uploaded (20)

Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkur
Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime TumkurTumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkur
Tumkur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tumkur
 
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...
{ Pooja 9892124323 } girls birds call girls netflix funny names to call girls...
 
9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...
9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...
9867746289, Unveiling the Secrets of Russian Escort Services in Mumbai, Vashi...
 
9867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x7
9867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x79867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x7
9867746289 - Payal Mehta Book Call Girls in Versova and escort services 24x7
 
Top 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon BiotechTop 10 Moisturising Cream Brands In India - Stelon Biotech
Top 10 Moisturising Cream Brands In India - Stelon Biotech
 
Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...
Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...
Escorts Service Model Basti 👉 Just CALL ME: 8617697112 💋 Call Out Call Both W...
 
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
Mahim Call Girls in Bandra 7738631006, Sakinaka Call Girls agency, Kurla Call...
 
Style Victorious Cute Outfits for Winners
Style Victorious Cute Outfits for WinnersStyle Victorious Cute Outfits for Winners
Style Victorious Cute Outfits for Winners
 
Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...
Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...
Gorgeous Call Girls In Jaipur {9521753030} ❤️VVIP ANKITA Call Girl in Jaipur ...
 
The Clean Living Project Episode 17 - Blue Zones
The Clean Living Project Episode 17 - Blue ZonesThe Clean Living Project Episode 17 - Blue Zones
The Clean Living Project Episode 17 - Blue Zones
 
Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...
Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...
Call Girls Service In Zirakpur ❤️🍑 7837612180 👄🫦Independent Escort Service Zi...
 
Payal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace Colaba
Payal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace ColabaPayal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace Colaba
Payal Mehta 9867746289, Escorts Service Near The Taj Mahal Palace Colaba
 
Lesotho history, Basotho languages, Basotho mode of transport
Lesotho history, Basotho languages, Basotho mode of transportLesotho history, Basotho languages, Basotho mode of transport
Lesotho history, Basotho languages, Basotho mode of transport
 
Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...
Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...
Call Girls In Raigad Escorts ☎️8617370543 🔝 💃 Enjoy 24/7 Escort Service Enjoy...
 
Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...
Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...
Call Girls In Mohali ☎ 9915851334☎ Just Genuine Call Call Girls Mohali 🧿Elite...
 
Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...
Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...
Top 20: Best & Hottest Russian Pornstars Right Now (2024) Russian Porn Stars ...
 
gatiin-namaa-meeqa .pdf
gatiin-namaa-meeqa .pdfgatiin-namaa-meeqa .pdf
gatiin-namaa-meeqa .pdf
 
Ladies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdfLadies kitty party invitation messages and greetings.pdf
Ladies kitty party invitation messages and greetings.pdf
 
UNIVERSAL HUMAN VALUES -Harmony in the Human Being
UNIVERSAL HUMAN VALUES -Harmony in the Human BeingUNIVERSAL HUMAN VALUES -Harmony in the Human Being
UNIVERSAL HUMAN VALUES -Harmony in the Human Being
 
Tirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tirunelveli
Tirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime TirunelveliTirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tirunelveli
Tirunelveli Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tirunelveli
 

Validation of RPKI Objects Using a Local Cache

  • 1. Validation of RPKI objects using a local cache Thursday, November 8, 12
  • 2. Problems with current • Very tight coupling to rsync – Need to process objects not on manifest – Vulnerable to updates happening during fetch • Prefix validate wants to know all ROAs • Implementations use URI as identifiers for objects – Multiple publication points complicated – Same for alternative fetch mechanisms Tim Bruijnzeels, IETF85 2 Thursday, November 8, 12
  • 3. Decoupling object retrieval • Use SIA, AIA and CRLDP only for object discovery • Allows for other retrieval mechanisms – rsync – bittorrent – http with / without deltas – multiple publication points – other.. Tim Bruijnzeels, IETF85 3 Thursday, November 8, 12
  • 4. Validation using ‘just objects’ find by: find by: Key Identifier hash TA Cert MFT EE CRL there can be SKI AKI AKI only one... TAL latest? CA1 Cert MFT EE signature ok? SKI AKI all objects? CA2 Cert MFT EE SKI AKI Tim Bruijnzeels, IETF85 4 Thursday, November 8, 12
  • 5. Differences from current RFCs • Strict interpretation of current repository standards – Some clarification for CAs might be useful: MUST 1 mft, 1 crl, all objects that need to be known • Manifests authoritative source for walking the tree – Ignores objects that the CA does not put on mft – May be strict if objects are missing, e.g. go with last known good state if available • SIA, AIA and CRLDP only for discovery Tim Bruijnzeels, IETF85 5 Thursday, November 8, 12