The first Release Candidate of Routinator 0.13.0 is now available. The most notable change support for Autonomous System Provider Authorisations (#ASPA), allowing verification of the AS_PATH attribute of routes advertised in the #BGP. As this functionality is still subject to change in the #IETF, the feature has to be explicitly enabled when compiling to avoid unintended side effects. #RPKI #OpenStandards #RoutingSecurity https://github.com/NLnetLabs/routinator/releases/tag/v0.13.0-rc1

In case you were holding your breath for the Routinator release with #ASPA support, please exhale now. 😮‍💨 The people discussing this #RoutingSecurity topic in the #IETF have reached consensus to make ASPA AFI-agnostic instead. We'll change our implementation accordingly.

Perfectly timed for all the #RoutingSecurity discussions at #RIPE86, we’re proud to launch Krill 0.13. This release introduces production grade #ASPA support in addition to #BGPsec. It also adds a full #RPKI Trust Anchor support, enabling RIRs to run Krill as their root CA solution. https://github.com/NLnetLabs/krill/releases/tag/v0.13.0

Thank you all for all the testing with the latest Krill 0.13 Release Candidates. There is a massive amount of changes and with all your feedback we're able to iron out all the little wrinkles that slipped through our rigorous QA process. #RPKI #RoutingSecurity https://github.com/NLnetLabs/krill/releases/tag/v0.13.0-rc3

Putting the *measurement* into making a measurable difference in the #Internet ecosystem: update on community engagement OKRs from Hisham Ibrahim @ripencc

#RoutingSecurity #IPv6 #DataStorytelling

https://labs.ripe.net/author/hisham_ibrahim/pushing-the-needle-forward-a-community-engagement-quarterly-report/

I'm actually quite stunned that there are now 94 #ASPA objects out in the wild. https://krill.docs.nlnetlabs.nl/en/latest/manage-aspas.html #RPKI #RoutingSecurity

We're super proud that one of the five Regional Internet Registries will be deploying Krill as the #RPKI Certification Authority solution for their members. To make this possible, Trust Anchor support is now available in Krill 0.13 Release Candidate 1. This pre-release also contains a new User Interface, as well as production support for ASPA objects. #RoutingSecurity #OpenSource #rustlang #MemorySafety https://github.com/NLnetLabs/krill/releases/tag/v0.13.0-rc1

With support for running as an #RPKI Trust Anchor (as an RIR), the ability to import CAs, production grade ASPA support and a brand new User Interface, the Krill 0.13 release will be massive. #RoutingSecurity #Opensource #rustlang https://github.com/NLnetLabs/krill/pull/1002

Another thing that @tweedegolf inspired us with is fuzzing of #Rust projects. We’ve now used this to fuzz delta construction and merging when developing ASPA support in Routinator. #RPKI #OpenSource #rustlang #fuzzing #security #RoutingSecurity
https://github.com/NLnetLabs/routinator/pull/847/commits/2c65d949756b3ba72a93baa9795ca30646d1aa2e

There are currently 39 ASPAs out in the wild, almost all generated by our #RPKI Certificate Authority software Krill. It’s currently an experimental feature, but will be made a first class citizen in Krill 0.13. #OpenSource #RoutingSecurity https://krill.docs.nlnetlabs.nl/en/stable/manage-aspas.html

An Autonomous System Provider Attestation (ASPA) object in #RPKI is similar to a ROA: it’s an authority to propagate a route learned from an AS, issued by that authorising AS. Support for ASPAs in Routinator is now ready for review, coming soon to a release near you. #RoutingSecurity #BGP https://github.com/NLnetLabs/routinator/pull/847

For the #RPKI-to-Router protocol, the semantics of ROAs and ASPAs differ. This means quite a bit of refactoring was done to accommodate ASPAs in Routinator. Getting there though! #RoutingSecurity https://github.com/NLnetLabs/rpki-rs/pull/252

Applications are now open for the MANRS Mentors and Ambassadors Program.
Apply now!

https://www.manrs.org/2023/04/applications-open-for-manrs-mentors-and-ambassadors-program/

Sponsored by APNIC Foundation.

#MANRS #Routing #RoutingSecurity #Internet #InternetSecurity #BGP #Security #mentoring #mentorship #mentors

MANRS by the numbers (and people) in 2022📈

https://www.manrs.org/2023/03/manrs-community-report-2022-significant-milestones-and-broadening-engagement/

#MANRS #Routing #RoutingSecurity #Internet #InternetSecurity

#MANRS Community Report 2022: Significant Milestones and Broadening Engagement - https://www.manrs.org/2023/03/manrs-community-report-2022-significant-milestones-and-broadening-engagement/

#RoutingSecurity #Routing #Internet #InternetSecurity

Meanwhile on the #IETF sidrops list: “But after X.509 validation of ASPA, we have VAPs and then the SPAS derived from the VAPs, which can be called VAP-SPAS.”

Once again, it's going to be quite the adventure to pour this into an implementation that is understandable and usable for network operators…

#OpenStandards #RPKI #RoutingSecurity #BGP

The first step towards support for Autonomous System Provider Authorisation (ASPA) in Routinator. #RPKI #BGP #RoutingSecurity #OpenSource #rustlang https://github.com/NLnetLabs/rpki-rs/pull/250

The first step towards support for Autonomous System Provider Authorisation (ASPA )in Routinator. #RPKI #BGP #RoutingSecurity #OpenSource #rustlang https://github.com/NLnetLabs/rpki-rs/pull/250

ASPA is in working group last call, so support in Routinator coming soon. Krill already had support. Remember to ask to your router vendor to implement support too. #BGP #OpenSource #RPKI #RoutingSecurity https://github.com/NLnetLabs/routinator/issues/812#issuecomment-1469946710

MANRS Compliance Increasing, More Work Needed in #India - https://www.manrs.org/2023/03/manrs-compliance-increasing-more-work-needed-in-india/

#MANRS #BGP #BGPsecurity #routingsecurity #routing #Internet