Show threadAdrian OffermanMar 19, 2025

also available in English:
Adoption of RPKI/ROV security protocol progressing very quickly -- Next step is implementation of ASPA

Although RPKI/ROV is being adopted very quickly, it's still early days for the other two RPKI-based protocols. Anyone now running RPKI with ROV will be able to take the next step to ASPA in the next few years. Where BGPsec is concerned, it's a question of waiting for the next generation of routing systems.

#RPKI #ASPA #BGPsec #BGP #IPv6 #InternetSecurity

Adrian OffermanMar 19, 2025

op SIDN.nl:
RPKI/ROV-beveiligingsprotocol maakt razendsnelle adoptie door -- Volgende stap is implementatie van ASPA
https://www.sidn.nl/nieuws-en-blogs/rpki-rov-beveiligingsprotocol-maakt-razendsnelle-adoptie-door

Waar RPKI/ROV een heel snelle adoptie heeft doorgemaakt, is het voor de andere twee RPKI-gebaseerde protocollen nog net te vroeg. Wie nu RPKI met ROV heeft draaien, zal een dezer jaren de vervolgstap naar ASPA kunnen maken. Voor BGPsec is het wachten op de volgende generatie routersystemen.

#RPKI #ASPA #BGPsec #BGP #IPv6 #InternetSecurity

RPKI/ROV-beveiligingsprotocol maakt razendsnelle adoptie door | Cybersecurity | SIDN

Meer dan de helft van zowel de IPv4- als IPv6-routes in het internetrouteringssysteem BGP is inmiddels beveiligd met RPKI. En belangrijker nog: op dit moment loopt driekwart van al het IP-verkeer naar een RPKI-beveiligde bestemming.

SIDN - Het bedrijf achter .nl
Marcel SIneM(S)USMay 17, 2024
#FCC-Chefin will das #BorderGatewayProtocol absichern | Security https://www.heise.de/news/FCC-Chefin-will-das-Border-Gateway-Protocol-absichern-9721893.html #BGP #BGPsec
FCC-Chefin will das Border Gateway Protocol absichern

Das Internet ist seit jeher anfällig für Fehler beim Datenrouting. RPKI würde abhelfen, ISPs sind dazu aber nicht verpflichtet. Die FCC-Chefin will das ändern.​

heise online
Alex BandMay 24, 2023
As announced at #RIPE86, the RIPE NCC #RPKI Publication Service is now in production and proving quite popular. 167 CAs are now active, publishing 2100 ROAs, resulting in 3671 VRPs. It’s easy to set this up, and will allow you to sub-delegate resources, do #ASPA, as well as #BGPsec. https://blog.nlnetlabs.nl/running-krill-under-ripe-ncc/
Running Krill Under RIPE NCC

A guide to running Delegated RPKI with Krill and publishing ROAs using RIPE NCC's Publication as a Service.

The NLnet Labs Blog
Alex BandMay 24, 2023
Let’s kick off the #RIPE86 #BGP routing working group with some #RPKI numbers. In the global RPKI there are 149,606 ROAs resulting in 433,197 VRPs. Also, 3 #BGPsec router keys and 64 #ASPA objects out in the wild.
NLnet LabsMay 22, 2023
Perfectly timed for all the #RoutingSecurity discussions at #RIPE86, we’re proud to launch Krill 0.13. This release introduces production grade #ASPA support in addition to #BGPsec. It also adds a full #RPKI Trust Anchor support, enabling RIRs to run Krill as their root CA solution. https://github.com/NLnetLabs/krill/releases/tag/v0.13.0
Release DRY · NLnetLabs/krill

Summary This release contains an important fix for an issue affecting v0.12.x Publication Servers (see PR #1023). It is recommended that affected installations are upgraded as soon as possible. The...

GitHub
NLnet LabsMay 22, 2023
Nearly 20,000 #RPKI certificates have been issued, and the RPKI publication service is in production. This means you have all the advantages of running Krill - including #ASPA and #BGPsec support - and publish at the RIPE NCC. #RIPE86
Show threadNLnet LabsMay 22, 2023
Our #BGP #routing team will be available at #RIPE86 as well:
🛰️ Excited by our #OpenSource modular #BGP toolkit Rotonda? It's written in #rustlang too, making it insanely fast while providing #MemorySafety. Talk to @jasper, Luuk or Ximon about our imminent launch.
🦐 Meanwhile, we’ve been cooking up #ASPA support to compliment #BGPsec in Krill, our #RPKI CA software. Tim can tell you all about it, along with our future plans.
NLnet LabsSep 7, 2022
Krill 0.10.0 is now available, featuring support for #BGPSec Router Certificate Signing and the use of Hardware Security Modules (HSMs) for key operations. #RPKI https://github.com/NLnetLabs/krill/releases/tag/v0.10.0
Release Hush · NLnetLabs/krill

In this release we introduce the following major features: BGPSec Router Certificate Signing Support the use of Hardware Security Modules (HSMs) for key operations The documentation has more info...

GitHub
Show threadStéphane BortzmeyerMay 19, 2022

Now, Ignas Bagdonas benchmarks #BGPsec performance. On his lab setup, it is awfully slow.

Interesting explanations about software optimisation. BGPsec uses SHA-2 (hard for memory, cool for the CPU) and ECDSA (the opposite): do them in parallel (but the BGPsec format of data does not make it easy).

#RIPE84 #BGP