[RPKI] Potential for test/dev trust anchor?
Jay Borkenhagen
rpki at braeburn.org
Mon Feb 25 02:19:05 UTC 2019
Andrew Gray writes:
> [...] Could a dev/testing
> trust anchor be set up by the community, and have a couple of the tier 1
> providers provide feedback from that through one of the various looking
> glass systems?
>
> This would allow people to use that test trust anchor to verify they
> have advertisements correct, things do what they want, etc., before then
> pulling the advertisement over to whichever RIR is appropriate for
> production work.
>
That sounds like a job for your RP software.
For example, RIPE's rpki-validator-3 allows its operator to configure
whitelist entries. After configuring a whitelist entry -- which is in
essence a local ROA -- the RIPE software will show which current
routes known to RIPE RIS would be validated or invalidated by the
whitelist ROA.
If that kind of 'what if?' analysis is important to you, you should
tell your favorite RP project. (For my money, it's OK to have this,
but other RP features / capabilities are more important to me.)
Jay B.
More information about the RPKI
mailing list