https://medium.com/@jobsnijders/a-propo ... b74e7a3f65Overview of the RPKI ecosystem
RPKI is a specialised public key infrastructure (PKI) framework designed to secure the Internet’s routing infrastructure. It uses X.509 PKI Certificates with extensions for IP Addresses and ASNs. For network operators, RPKI resource certificates offer verifiable proof of ownership of a resource’s allocation or assignment by a Regional Internet Registry (RIR). Network operators can create cryptographically verifiable statements (so-called “ROAs”) about the route announcements they authorise to be made for the prefixes they own. Only the legitimate holder of the IP prefix can create a RPKI ROA using their resource certificate. Other network operators can use RPKI Validator software to download and validate these ROAs. The resulting data set can be used for BGP route filtering.
[转] A proposal for a new RPKI validator: OpenBSD rpki-client
[转] A proposal for a new RPKI validator: OpenBSD rpki-client
在线用户
正浏览此版面之用户: 没有注册用户 和 2 访客