adding bgpsec to bird

Ondrej Zajicek santiago at crfreenet.org
Tue Mar 20 22:24:51 CET 2012


On Tue, Mar 20, 2012 at 07:23:19PM +0100, Matthias Waehlisch wrote:
> Hi Mike,
> 
>   do you also intend to implement prefix origin validation according to 
> IETF/SIDR specs?
> 
>   Maybe as a side note: We implemented the RTR protocol as a lightweight 
> and very efficient C library, which allows exchanging validated ROAs 
> between cache and router and performing origin validation.

We have beta ROA checking in the Git code, and it will be part of the next
release, which will be in a few days. Currently, it is just a local
part (ROA data structure and filters, with the possibility to statically
configure ROAs or add/remove them dynamically using birdc); integration
with the RPKI / RTR exchange protocol is planned to be added later. I will
probably embed or reuse your library.

BTW, if I remember correctly, the connection between router and RPKI cache
is required to be SSH protected. How do you handle that in your library?
Reuse an external SSH tool or library, or integrate all the cryptography?

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
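
The local ROA check discussed in the message above, as an added example that is not part of the original post and is neither BIRD's nor RTRlib's code: a route is matched against a static ROA table using the valid / invalid / not-found semantics of IETF SIDR origin validation (RFC 6811). The type and function names (`ov_state`, `struct roa`, `roa_check`) are hypothetical, and the table is constructed from documentation prefixes and ASNs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Validation outcomes (names are this example's, not BIRD's or RTRlib's). */
enum ov_state { OV_NOT_FOUND, OV_VALID, OV_INVALID };

/* One ROA: prefix/len, longest announced length it authorizes, origin AS. */
struct roa {
    uint32_t prefix;   /* IPv4 prefix, host byte order */
    uint8_t  len;
    uint8_t  max_len;
    uint32_t asn;
};

/* Constructed sample table: documentation prefixes, documentation ASNs. */
static const struct roa roa_table[] = {
    { 0xC0000200u, 24, 24, 64496 },  /* 192.0.2.0/24   max 24  AS64496 */
    { 0xCB007100u, 24, 28, 64497 },  /* 203.0.113.0/24 max 28  AS64497 */
};
#define ROA_COUNT (sizeof roa_table / sizeof roa_table[0])

static uint32_t mask(uint8_t len)
{
    return len ? (uint32_t)0xFFFFFFFFu << (32 - len) : 0;
}

/* Check a route (prefix/len announced by origin) against the ROA table. */
enum ov_state roa_check(const struct roa *t, size_t n,
                        uint32_t prefix, uint8_t len, uint32_t origin)
{
    int covered = 0;
    for (size_t i = 0; i < n; i++) {
        /* Skip ROAs that are more specific than the route or do not contain it. */
        if (t[i].len > len || ((prefix ^ t[i].prefix) & mask(t[i].len)))
            continue;
        covered = 1;
        /* Valid needs a matching origin and a length within max_len. */
        if (t[i].asn == origin && origin != 0 && len <= t[i].max_len)
            return OV_VALID;
    }
    /* Covered but never matched: invalid. No covering ROA at all: not found. */
    return covered ? OV_INVALID : OV_NOT_FOUND;
}

int main(void)
{
    printf("%d\n", roa_check(roa_table, ROA_COUNT, 0xC0000280u, 25, 64496));
    return 0;
}
```

The case in `main` is the one operators most often trip over: a more-specific announcement (192.0.2.128/25) from the authorized AS is still invalid because it exceeds the ROA's maximum length.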