Up to [local] / src / usr.sbin / rpki-client
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.4 / (download) - annotate - [select for diffs], Fri Mar 15 05:14:16 2024 UTC (2 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)
whitespace
Revision 1.3 / (download) - annotate - [select for diffs], Fri Mar 15 03:38:59 2024 UTC (2 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.2: +17 -7 lines
Diff to previous 1.2 (colored)
Log which of the constraints files triggered a violation Requested by Ties de Kock (RIPE NCC) OK tb@
Revision 1.2 / (download) - annotate - [select for diffs], Wed Dec 27 07:15:55 2023 UTC (5 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5
Changes since 1.1: +4 -3 lines
Diff to previous 1.1 (colored)
Rework the warnings on internet resources Unify the printing of warnings about AS numbers and IP address blocks to use a call to as_warn() and ip_warn(). Fix a bug in the latter where the upper bound of an IP range didn't take the RFC 3779 encoding into account and passed the address directly to inet_pton() rather than filling the missing bits with 1. Switch the argument order to match the warnings and tweak some warning messages. ok claudio job
Revision 1.1 / (download) - annotate - [select for diffs], Fri Oct 13 12:06:49 2023 UTC (7 months, 2 weeks ago) by job
Branch: MAIN
Allow imposing constraints on RPKI trust anchors The ability to constrain a RPKI Trust Anchor's effective signing authority to a limited set of Internet Number Resources allows Relying Parties to enjoy the potential benefits of assuming trust, within a bounded scope. Some examples: ARIN does not support inter-RIR IPv6 transfers, so it wouldn't make any sense to see a ROA subordinate to ARIN's trust anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't make sense to observe a ROA covering ARIN-managed IPv6 space under APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust arc (a cryptographically valid certificate path) existed. Along these same lines, AFRINIC doesn't support inter-RIR transfers of any kind, and none of the RIRs have authority over private resources like 10.0.0.0/8 and 2001:db8::/32. For more background see: https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/ https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html With and OK tb@, OK claudio@