mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-09 22:38:01 -08:00
Code
OpenBSD
229,574 Commits 1 Branch 0 Tags 812 MiB
C 58.4%
C++ 26.5%
Roff 3.6%
Perl 3.5%
GCC Machine Description 1.6%
Other 5.9%
891d6bce9c
Go to file
job 891d6bce9c Allow imposing constraints on RPKI trust anchors 
The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@
2023-10-13 12:06:49 +00:00
bin Simplify the display() function by getting rid of a useless buffer 2023-10-07 13:29:08 +00:00
distrib Remove dead CRYPTOCHUNK usage 2023-10-11 17:53:52 +00:00
etc move release a earlier. when we wait for security fixes from one piece 2023-10-08 14:05:10 +00:00
games Fix format string warning in robots/score.c 2023-10-10 09:48:06 +00:00
gnu Remove ancient version of zlib bundled with GNU cvs. 2023-10-13 00:00:51 +00:00
include According to the C11 standard, char32_t and char16_t are not part 2023-09-05 23:16:01 +00:00
lib Tweak previous by using the argument name, not its type 2023-10-13 05:49:34 +00:00
libexec Log a dummy "<unknown>" IP address in the unlikely event that genameinfo(3) fails 2023-09-05 16:01:58 +00:00
regress Force the router-id on all bgpd instances to make the expected output 2023-10-13 07:55:57 +00:00
sbin Print at most pkgsize - hdrsize bytes for pfkey tag and identity to 2023-10-10 16:16:16 +00:00
share timeout: add TIMEOUT_MPSAFE flag 2023-10-12 15:32:38 +00:00
sys pflog(4) logs packet dropped by default rule with block. 2023-10-12 19:15:21 +00:00
usr.bin 64 %-expansion keys ought to be enough for anybody; ok dtucker 2023-10-12 03:36:32 +00:00
usr.sbin Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
.gitignore Ignore CVS directories for easier git + CVS coexistence. 2023-07-07 15:44:54 +00:00
Makefile minor cranking of libraries exposes a problem, details too long to explain. 2020-04-05 20:14:14 +00:00
Makefile.cross riscv64 is a LP64_ARCH, list it as such. 2021-05-03 00:04:31 +00:00