[RPKI] Routinator 0.8.0-rc1 Released
Martin Hoffmann
martin at nlnetlabs.nl
Wed Oct 7 14:27:46 UTC 2020
Dear mailing list,
it took a bit long but it is finally here: the first release candidate
for Routinator 0.8.0.
The most important feature in this release is much stricter validation
of the RPKI CAs: If any of the material published by a CA is invalid for
any reason, the entire CA is being rejected completely. No VRPs are
added from the ROAs published by the CA itself and its child CAs are
not even evaluated.
We implement the rules proposed by draft-ietf-sidrops-6486bis[0] with
two deviations.
For one, we do not currently fall back to a previous version of
the CA that would still be valid. This is not easily possible with the
current architecture and will require a major redesign of how we store
the RPKI data. This redesign is currently planned for 0.9.
Secondly, we allow objects of unknown types to be present in the
repository so long as they are correctly announced in the manifest.
There is a new option "unknown-objects" that can be used to reject
these objects as well. The motivation here is to not deploy a version
that blocks new object types such as the upcoming ASPA while there are
still ongoing discussions on the draft.
In addition, the release also contains a method we called "filtering of
unsafe VRPs" which I have described in an earlier message. As promised,
this filter is by default disabled and can be activated via the
"unsafe-vrps" option.
To make it more convenient to look at the impact of these changes, the
log from the most recent validation run is now available in the HTTP
server via the /log endpoint.
There are quite a few more changes. As always a detailed list can be
found in the release notes, this time at:
https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0-rc1
If you want to join in on testing the next Routinator release, you
can install this candidate via cargo. But note that you have to
specifically provide the version number:
cargo install -f --version 0.8.0-rc1 routinator
Happy Routinating!
On behalf of the NLnet Labs RPKI Team,
Martin
[0] https://datatracker.ietf.org/doc/draft-ietf-sidrops-6486bis/
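
The rejection rule described in the announcement, as a toy model added here for illustration; it is not Routinator's code. The types, CA names and prefixes are constructed. Two points are assumptions of the model: an unknown object that is rejected counts like any other invalid object, and a rejected child does not affect its parent.

```rust
// Toy model only: hypothetical types and a constructed sample tree.
#[derive(Clone, Copy, PartialEq)]
enum UnknownObjects { Accept, Reject } // named after the "unknown-objects" option

enum Object {
    Roa { vrp: &'static str, valid: bool },
    Unknown, // a type the validator does not know, listed on the manifest
    Child(Ca),
}
struct Ca { name: &'static str, objects: Vec<Object> }

#[derive(Default)]
struct Run { vrps: Vec<&'static str>, rejected: Vec<&'static str>, evaluated: Vec<&'static str> }

fn validate(ca: &Ca, policy: UnknownObjects, run: &mut Run) {
    run.evaluated.push(ca.name);
    // Pass 1: every object the CA publishes must be acceptable.
    let ok = ca.objects.iter().all(|o| match o {
        Object::Roa { valid, .. } => *valid,
        Object::Unknown => policy == UnknownObjects::Accept,
        Object::Child(_) => true, // assumption: a child's content is judged on its own
    });
    if !ok {
        run.rejected.push(ca.name); // no VRPs from this CA, children never evaluated
        return;
    }
    // Pass 2: only a fully valid CA contributes VRPs and has its children walked.
    for o in &ca.objects {
        match o {
            Object::Roa { vrp, .. } => run.vrps.push(*vrp),
            Object::Child(child) => validate(child, policy, run),
            Object::Unknown => {}
        }
    }
}

fn roa(vrp: &'static str, valid: bool) -> Object { Object::Roa { vrp, valid } }

fn run(policy: UnknownObjects) -> Run {
    let a1 = Ca { name: "ca-a1", objects: vec![roa("203.0.113.128/25 AS64499", true)] };
    let a = Ca { name: "ca-a", objects: vec![roa("198.51.100.0/24 AS64497", true),
        roa("203.0.113.0/24 AS64498", false), Object::Child(a1)] };
    let b = Ca { name: "ca-b", objects: vec![Object::Unknown, roa("2001:db8::/32 AS64500", true)] };
    let ta = Ca { name: "ta", objects: vec![roa("192.0.2.0/24 AS64496", true),
        Object::Child(a), Object::Child(b)] };
    let mut r = Run::default();
    validate(&ta, policy, &mut r);
    r
}
```

In the sample tree, one invalid ROA under ca-a also suppresses ca-a's valid ROA and keeps ca-a1 from being evaluated at all; switching the policy to reject additionally drops ca-b because of its unknown object.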