________________________________________________________________________
Editorial Review: SIG Guidelines
________________________________________________________________________
APNIC seeks final editorial comments on the draft changes to the SIG
Guidelines.
This document has been amended to reflect the SIG Guidelines review and
recommendations as presented to the community at APNIC 50 and the SIG
Guidelines online community consultation.
The draft document is available at:
https://www.apnic.net/community/policy/drafts/
Nature of the document review
-----------------------------
This is an editorial review only. Consensus has already been reached
on these changes.
Therefore, during the comment period, interested parties may:
- Object to the draft document on the grounds that it does not
properly reflect the consensus decision reached in the Policy
Review Process
- Suggest improvements of any aspect of the document
- Request that an additional call for comment be made to allow more
consideration of substantial revisions
Deadline for comments
---------------------
Comments are requested by Wednesday, 21 April 2021 at:
https://www.apnic.net/community/policy/drafts
________________________________________________________________________
APNIC Secretariat secretariat(a)apnic.net
Asia Pacific Network Information Centre (APNIC) Tel: +61 7 3858 3100
PO Box 3646 South Brisbane, QLD 4101 Australia Fax: +61 7 3858 3199
6 Cordelia Street, South Brisbane, QLD http://www.apnic.net
________________________________________________________________________
------------------ Original ------------------
From: "sig-routingsecurity-request"<sig-routingsecurity-request(a)apnic.net>;
Date: Thu, Mar 11, 2021 07:14 AM
To: "yedongdong"<yedongdong(a)nnix.cn>;
Subject: Welcome to the "SIG Routing Security" mailing list
Welcome to the "SIG Routing Security" mailing list!
To post to this list, send your email to:
sig-routingsecurity(a)apnic.net
You can unsubscribe or make adjustments to your options via email by
sending a message to:
sig-routingsecurity-request(a)apnic.net
with the word 'help' in the subject or body (don't include the
quotes), and you will get back a message with instructions. You will
need your password to change your options, but for security purposes,
this password is not included here. If you have forgotten your
password you will need to reset it via the web UI.
Hi Everyone,
Here is the SIG Report we just presented during AGM.
- RPKI is a complex system but we expect Network Operators to start
creating ROAs and ultimately move to validation but there is a lack of
transparency into the operations. Things like the validity period of ROA,
when and how it will be renewed and revoked is not clearly defined.
- While APNIC is reviewing CPS (Certificate Practice Statement) as there
are legal requirements in it but it is important to have community
consultation or review process of items of operational relevance (e.g. Time
or Frequency of Publication of certificates etc).
- Reporting process if something goes wrong. Operational status page.
- There are no current recommendations from APNIC for those who want to
run self-hosted CA. Also, the consequences of not following the
guidelines/recommendations should be clear to anyone doing self-hosted CA.
- There is a strong opinion to have Transparency, currently the whole
system is a grey box which fortunately is working but if we want to
convince all members to start actively maintaining ROAs and start doing
validation then we need make some changes.
- There is a need to have clearly defined obligations from both the
Member and APINC end. Having an agreeable SLA for these services can be way
forward as per the membership agreement. Many operators moving towards
validation makes RPKI critical for operations and APNIC running one of the
TA has to play a role in this.
Next Steps:
- Chairs have decided to conduct a standalone event every 4-6 weeks
(schedule will be decided and shared soon) to go through these points in
detail.
- This will provide a platform to discuss the pros/cons of many ideas we
came across during panel discussion.
- This will algo give an opportunity to invite relying party software
vendors to share their point of view.
- The Secretariat has confirmed their logistical support for this.
Regards,
on behalf of SIG Chairs
Di Ma, Rupesh, Aftab
Hi Everyone,
Here is the agenda for Routing Security SIG Session on 3rd March 2021. If
you have any questions for the panelist on this topic, please let us know.
11:00 - 11:05 — Welcome and SIG introduction.
11:05 - 11:15 — APNIC RPKI Report - George Michaelson (APNIC).
11:15 - 11:40 — Panel Discussion "implementation of RPKI and
Transparency", Panel: George Michaelson (APNIC) and Taiji Kimura (JPNIC)
Moderator Aftab Siddiqui.
11:40 - 11:45 — Q&A
11:45 - 11:55 — Presentation - "RPKI-VIZ" by Dr. Di Ma.
11:55 - 12:00 — Q&A
12:00 --- Closing remarks by Rupesh (Co-Chair).
Panel Discussion Agenda:
- Certificate validity
- Certification Practice Statement (CPS)
- ROA/CRL/MFT publication timelines
- How this impact the delegated CA model
- Reporting process if something goes wrong/SLA
Regards,
On behalf of Routing Security SIG Chairs
Rupesh, Di Ma, Aftab.