La cybersécuritay, c'est compliquay. Comment la Corée du Nord a coupé sa liaison Internet en voulant la sécuriser. https://labs.ripe.net/author/romain_fontugne/from-bgp-data-to-insight-simplifying-real-time-routing-analysis/

#BGP #RPKI

🚨 More new routing insights on Radar!

- Track #RPKI ROA deployment history at a global/country/ASN level, going back 3+ years for valid prefixes & address space

https://radar.cloudflare.com/routing/rpki#rpki-roa-deployment

- Country level announced IP address space graphs now include a "Show top ASes" toggle. Stacked area graphs make it easier to identify the providers behind large address space withdrawals.

Example: https://radar.cloudflare.com/routing/ir?dateStart=2026-01-04&dateEnd=2026-01-10#announced-ip-address-space

Weekend Reads

* How crazy is .internal/DOT
https://ant.isi.edu/~hardaker/papers/2026-04-27-analyzing-dot-internal-to-dot.pdf
* RIPE NCC RPKI exploit chain
https://mxsasha.eu/posts/ripe-ncc-rpki-exploit-chain/
* Bellovin book: Don't get hacked
https://www.cs.columbia.edu/~smb/homesec/index.html
* Internet Protocol Journal May 2026
https://ipj.dreamhosters.com/wp-content/uploads/2026/04/291-ipj.pdf
* Cloudflare 2026-Q1 Internet disruptions report
https://blog.cloudflare.com/q1-2026-internet-disruption-summary/

#DNS #RPKI #RIPE #Infosec #Outages

As the RPKI ecosystem continues to evolve to provide the data for securing BGP Internet routing, the foundations are being laid for the long term need for forensic analysis tools and the long term study of that ecosystem.

For BGP, we've long had the MRT files gathered by various looking glass projects such as route-views. That data today is part of long term trend analysis for BGP and a tool for triaging global routing problems.

The rpki-views work and related IETF drafts for it, largely driven by Job Snijders, is providing a way to capture the state of the RPKI. As Internet routing analysis eventually becomes more dependent on the state of the RPKI at a given moment, such state becomes a critical component of any ex post facto analysis of BGP routing security from BGP routing data.

While the attached article is effectively discussing an "oops" while building out this ecosystem, it provides a good set of links to spelunk for the above topics.

#bgp #rpki #rpkiclient #ietf

https://blog.qrator.net/en/repairing-the-rpkiviews-h1-2026-archives_227/

rpki-client 9.8 released

Routing security matters to all of us (even those of us who seldom give the subject any thought), and the rpki-client project announced the release of a new version of their Resource Public Key Infrastructure (RPKI) client, with a number of improvements.

The announcement reads

• List: openbsd-announce
• Subject: rpki-client 9.8 released
• From: Sebastian Benoit

• Date: 2026-04-14 23:20:42

  rpki-client 9.8 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon.
  It is recommended
  that all users upgrade to this version for improved reliability.

  rpki-client is a FREE, easy-to-use implementation of the Resource
  Public Key Infrastructure (RPKI) for Relying Parties to facilitate
  validation of BGP announcements. The program queries the global RPKI
  repository system and validates untrusted network inputs. The program
  outputs validated ROA payloads, BGPsec Router keys, and ASPA payloads
  in configuration formats suitable for OpenBGPD and BIRD, and supports
  emitting CSV and JSON for consumption by other routing stacks.

  See RFC 6480 and RFC 6811 for a description of how RPKI and BGP Prefix
  Origin Validation help secure the global Internet routing system.

  rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker,
  Job Snijders, Theo Buehler, Theo de Raadt, and Sebastian Benoit as part
  of the OpenBSD Project.

  This release includes the following changes to the previous release:

  • Various refactoring for improved compatibility with various libcryptoimplementations and in CA/BGPsec certificate handling.
  • Fixed an accounting issue in HTTP gzip compression detection.
  • Added a warning in extra verbose mode (-vv) about standardsnon-compliant Issuer and Subject ASN.1 string encodings.
  • Added a check for canonical encoding of ASPA eContent in alignmentwith draft-ietf-sidrops-aspa-profile-22.
  • Ensure that a repository timeout correctly stops repositoryprocessing. Thanks to Fedor Vompe from Deutsche Telekom for reporting.
  • Fixed a defect in Canonical Cache Representation ROAIPAddressFamilysort order. As a result, rpki-client 9.8 cannot parse rpki-client9.7's .ccr files and vice versa. Thanks to Bart Bakker from RIPE NCCfor reporting.
  • Fixed an issue in the parser for the locally configured constraints.Thanks to Daniel Anderson.
  • A malicious RRDP Publication Server can cause a NULL dereference.Thanks to Daniel Anderson for reporting.
  • A malicious RPKI Publication Server can cause an incorrect error exit.Thanks to Yuheng Zhang, Qi Wang, Jianjun Chen from Tsinghua University,and Teatime Lab for reporting.

Go read ALL about it here!

https://undeadly.org/cgi?action=article;sid=20260415115612

#rpki #client #resource #public #key #infrastructure #openBSD #OpenSource #programming #networking

On Tuesday, 7 April, the Global Internet Standards Testing Community (GISTC) held its 3rd online meeting, which was chaired by Alena Muravska from @ripencc.

The GISTC brings together organisations from all over the world around #InternetStandards the Internet.nl test tool and open-source code.

Its goal is to enable knowledge exchange, coordination of efforts, and of course to collaboratively improve the adoption of modern internet standards like #IPv6, #DNSSEC, #DANE, #DMARC, and #RPKI.

1/3

Weekend Reads

* Email address obfuscation in 2026
https://spencermortensen.com/articles/email-obfuscation/
* Profile of Kimwolf botnet researcher
https://www.wsj.com/tech/kimwolf-hack-residential-proxy-networks-a712ab59?st=dHJ5oe
* Quantifying AI data center heat impacts
https://arxiv.org/abs/2603.20897
* Characterizing invalid routes via Tunnels
https://arxiv.org/abs/2603.29207
* Detecting anomalous topology, routes, and congestion
https://arxiv.org/abs/2603.25875

#EMail #Kimwolf #AI #RPKI #BGP