mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
Code
891d6bce9c
openbsd-src/usr.sbin/rpki-client
History
job 891d6bce9c Allow imposing constraints on RPKI trust anchors 
The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@
2023-10-13 12:06:49 +00:00
..
as.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
aspa.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
cert.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
cms.c Check SignedData and SignerInfo versions to be 3 2023-08-14 08:25:26 +00:00
constraints.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
crl.c Retire log.c 2023-06-29 10:28:25 +00:00
encoding.c whitespace spotted during read-thru 2022-05-15 15:00:53 +00:00
extern.h Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
filemode.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
gbr.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
geofeed.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
http.c drop needless strcspn in the header parsing 2023-06-28 17:36:09 +00:00
io.c Use new ibuf API in rpki-client. 2023-06-20 15:15:14 +00:00
ip.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
json.c KNF 2023-06-22 09:08:02 +00:00
json.h Add an extra argument compact to json_do_object() to instruct the parser 2023-06-05 14:19:13 +00:00
main.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
Makefile Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
mft.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
mkdir.c Adjust cache cleanup to the deficits of RRDP. Unlike rysnc, RRDP has no 2022-04-04 16:02:54 +00:00
ometric.c more dastardly white spaces 2023-01-06 13:22:00 +00:00
ometric.h more dastardly white spaces 2023-01-06 13:22:00 +00:00
output-bgpd.c Decode and validate ASPA objects following the v1 syntax 2023-06-26 18:39:53 +00:00
output-bird.c Revert commitid ANSBO0rBvIUtTi45: 2023-05-30 12:14:48 +00:00
output-csv.c Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10) 2022-08-30 18:56:49 +00:00
output-json.c Decode and validate ASPA objects following the v1 syntax 2023-06-26 18:39:53 +00:00
output-ometric.c rpki-client: fix vap_pas stats 2023-06-29 14:33:35 +00:00
output.c Improve accounting by tracking things by repo and tal. 2023-04-26 16:32:41 +00:00
parser.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
print.c Rename ASPA providers field in filemode 2023-07-19 21:49:30 +00:00
repo.c Do not set O_EXCL on open() when a published file is on the withdraw list. 2023-07-20 05:18:31 +00:00
rfc3779.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
roa.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
rpki-client.8 Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
rrdp_delta.c Validate the session_id to be a real UUID. 2023-01-04 14:22:43 +00:00
rrdp_notification.c Improve detection of RRDP session desynchronization 2023-06-23 11:36:24 +00:00
rrdp_snapshot.c Validate the session_id to be a real UUID. 2023-01-04 14:22:43 +00:00
rrdp_util.c Move some functions from rrdp.c to rrdp_util.c and hex_decode to encoding.c. 2021-11-24 15:24:16 +00:00
rrdp.c Improve detection of RRDP session desynchronization 2023-06-23 11:36:24 +00:00
rrdp.h Remove unused macro (log_debuginfo) 2022-05-19 13:12:35 +00:00
rsc.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
rsync.c spelling fixes; from paul tagliamonte 2022-12-28 21:30:15 +00:00
tak.c Allow imposing constraints on RPKI trust anchors 2023-10-13 12:06:49 +00:00
tal.c Retire log.c 2023-06-29 10:28:25 +00:00
validate.c Introduce ip_addr_range_print() to avoid code repetition 2023-09-25 08:48:14 +00:00
version.h bump version 2023-10-02 13:31:32 +00:00
x509.c Ensure the X.509 Subject only contains commonName and optionally serialNumber 2023-09-12 09:33:30 +00:00