nanog mailing list archives

Re: RPKI TAs

From: Nathalie Trenaman <nathalie () ripe net>
Date: Thu, 6 Aug 2020 14:51:19 +0200

Hi Randy, all,

We’ve updated our page: 
https://www.ripe.net/manage-ips-and-asns/resource-management/certification/ripe-ncc-rpki-trust-anchor-structure 
<https://www.ripe.net/manage-ips-and-asns/resource-management/certification/ripe-ncc-rpki-trust-anchor-structure>
It now shows the correct TALs:
https://tal.rpki.ripe.net/ripe-ncc.tal <https://tal.rpki.ripe.net/ripe-ncc.tal> (preferred)
https://tal.rpki.ripe.net/ripe-ncc-rfc8630.tal <https://tal.rpki.ripe.net/ripe-ncc-rfc8630.tal> 
https://tal.rpki.ripe.net/ripe-ncc-validator-3.tal <https://tal.rpki.ripe.net/ripe-ncc-validator-3.tal> (RIPE NCC RPKI 
Validator 3 format)

I hope this helps. 

Best regards,
Nathalie Trenaman
RIPE NCC

Op 2 aug. 2020, om 20:52 heeft Randy Bush <randy () psg com> het volgende geschreven:

so i was trying to ensure i had a current set of TALs and was directed to

   https://www.ripe.net/manage-ips-and-asns/resource-management/certification/ripe-ncc-rpki-trust-anchor-structure

the supposed TAL at the bottom of the page is pretty creative.  anyone
know what to do there?

i kinda hacked with emacs and get

   rsync://rpki.ripe.net/ta/ripe-ncc-ta.cerpublic.key.info

   
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1jQ6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83HwA26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0GZ0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eMkE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2VwIDAQAB

but kinda expected an rrdp uri too

and, to add insult to injury, the APNIC web page with their TAL

   https://www.apnic.net/community/security/resource-certification/

requires javascript!

not to mention the ARIN stupidity

as if we needed another exercise in bureaucrats making operations
painful.  most operations of any size have internal departments
perfectly capable of doing that.

randy

Current thread:

RPKI TAs Randy Bush (Aug 02)
- Re: RPKI TAs Randy Bush (Aug 02)
- Re: RPKI TAs Alex Band (Aug 03)
  - Re: RPKI TAs Matthias Waehlisch (Aug 03)
    - Re: RPKI TAs Randy Bush (Aug 03)
- Re: RPKI TAs Nathalie Trenaman (Aug 06)
  - Re: RPKI TAs Randy Bush (Aug 06)
    - Re: RPKI TAs Amreesh Phokeer (Aug 12)
    - Re: RPKI TAs Randy Bush (Aug 12)
- <Possible follow-ups>
- Re: RPKI TAs John Kristoff (Aug 03)
  - Re: RPKI TAs Job Snijders (Aug 03)
    - Re: RPKI TAs Owen DeLong (Aug 03)
    - Re: RPKI TAs Matt Corallo (Aug 03)
    - Re: RPKI TAs Randy Bush (Aug 03)