[RPKI] Routinator 0.8.0-rc1 Released

Ximon Eighteen ximon at nlnetlabs.nl
Wed Oct 7 15:14:06 UTC 2020 

Dear mailing list,

For Debian/Ubuntu users out there we have a small treat related to the 
Routinator 0.8.0-rc1 release: it's now available via our 
https://packages.nlnetlabs.nl/ package server!

Once you have added the NLnet Labs package repository to your APT 
configuration (see instructions at https://packages.nlnetlabs.nl/) you 
can install and setup Routinator like so:

$ sudo apt-get install routinator
$ sudo routinator-init --accept-arin-rpa
$ sudo systemctl enable --now routinator

(or use --decline-arin-rpa as you see fit)

You can then check the status of Routinator with:

$ sudo systemctl status routinator

And view the logs with:

$ sudo journalctl --unit=routinator

Happy Routinating!

On behalf of the NLnet Labs RPKI Team,
Ximon

On 07-10-2020 16:27, Martin Hoffmann via RPKI wrote:
> Dear mailing list,
> 
> it took a bit long but it is finally here: the first release candidate
> for Routinator 0.8.0.
> 
> The most important feature in this release is much stricter validation
> of the RPKI CAs: If any of the material published by a CA is invalid for
> any reason, the entire CA is being rejected completely. No VRPs are
> added from the ROAs published by the CA itself and its child CAs are
> not even evaluated.
> 
> We implement the rules proposed by draft-ietf-sidrops-6486bis[0] with
> two deviations.
> 
> For one we do not currently fall back to a previous version version of
> the CA that would still be valid. This is not easily possible with the
> current architecture and will require a major redesign of how we store
> the RPKI data. This redesign is currently planned for 0.9..
> 
> Secondly, we allow objects of unknown types to be present in the
> repository so long as they are correctly announced in the manifest.
> There is a new option "unknown-objects" that can be used to reject
> these objects as well. The motivation here is to not deploy a version
> that blocks new object types such as the upcoming ASPA while there are
> still ongoing discussions on the draft.
> 
> In addition, the release also contains a method we called "filtering of
> unsafe VRPs" which I have described in an earlier message. As promised,
> this filter is by default disabled and can be activated via the
> "unsafe-vrps" option.
> 
> To make it more convenient to look at the impact of these changes, the
> log from the most recent validation run is now available in the HTTP
> server via the /log endpoint.
> 
> There are quite a few more changes. As always a detailed list can be
> found in the release notes, this time at:
> 
>     https://github.com/NLnetLabs/routinator/releases/tag/v0.8.0-rc1
> 
> If you want to join in on testing the next Routinator release, you
> can install this candidate via cargo. But note that you have to
> specifically provide the version number:
> 
>      cargo install -f --version 0.8.0-rc1 routinator
> 
> Happy Routinating!
> 
> On behalf of the NLnet Labs RPKI Team,
> Martin
> 
> [0] https://datatracker.ietf.org/doc/draft-ietf-sidrops-6486bis/
>

More information about the RPKI mailing list