Archived Plans

You can find our plans from previous quarters along with requests from the community on this page. We are updating this page at the end of each quarter.

Q3 2021 Plans and Community Input

Plans
Item Activity Description
1 End of support for the RIPE NCC RPKI Validator

On 1 July 2021, we ended offering support for the RIPE NCC RPKI Validator. Our RPKI Validator is one of several Relying Party software that network operators can use to download and validate the global RPKI data set. This data is used to support their BGP decision making process.

We also migrated the user interface of the rpki-validator.ripe.net from the RIPE NCC RPKI Validator 2 to Routinator.

More information has been shared on RIPE Labs and at our presentation at RIPE 81.

2 SOC 2 Type II audit framework

We designed an RPKI audit framework that allows us to publish a transparent SOC 3 report of our findings. In Q1 2021, we worked with the British Standards Institution to identify missing controls and we worked towards closing these gaps.

We have collected all the evidence to fulfill the controls of the SOC 2 type 2 RPKI framework. The audit will take place in Q2 2022.

3 Open sourcing the RPKI core

Radically Open Security (ROS) performed a code review of the RPKI Core. The goal of this review was to assess what parts of the code need to be updated before we can Open Source this code, and make it available to the wider community.

The report was delivered on 19 July 2021.

4 Penetration testing

We have asked ROS to perform a pen test on our RPKI Core, RPKI Commons and the RPKI Dashboard.

The report was delivered on 26 July.

5

Scaling up the RPKI repositories

Work continues to Q4 2021.

In preparation for the improved RPKI repository architecture, the distributed nature of the RRDP repository is going to be implemented using containers and krill-sync that pulls data from the centralised on-premise repository. This greatly simplifies smooth transitioning between publication servers without any downtime.

NOTE: We are not referring to cloud technologies here, just to our internal deployment technologies.

6 New Hardware Security Module (HSM)

Work continues to Q4 2021.

We are using both online and offline HSMs for our Trust Anchor. The offline HSM is at the end-of-life and is being replaced. This project has been delayed due to the difficulty to organise in-person meetings during COVID-19. The production certification authority uses two online (networked) HSMs. These will reach their end-of-life by the end of 2022 and need to be replaced.

Community Input
Reference Input RIPE NCC Reaction
RPKI-2021-#01 Request to add public status page (as referenced during RIPE 82 RPKI presentation) to the RPKI planning. We have added this to our Q4 2021 Planning.

 

Please contact us if you need more information.

Stay up to date!

Follow the #RPKI hashtag on Twitter.