A revoked certificate or a mess up by the RIR will *not* result in an unreachable network. It's possibly the biggest misconception about RPKI.
http://mailman.nanog.org/piper...
That's a bit dramatic. It's a data set with statements about routing, it doesnt affect BGP directly, that's up to the operator who uses the data. The signatures are there so the user of the data can validate intergrity. If it turns out the system is being abused, operators will simply stop using RPKI data and fall back on whatever they use now (e.g. route objects in the IRR).
Global RPKI deployment stats can be found here; Europe is doing pretty well, growing at a healthy pace: http://certification-stats.rip...
As far as router support goes, Cisco and Juniper are doing a good job with support across the platforms:
https://www.ripe.net/lir-servi...
But with other vendors, RPKI support is pretty much non-existent. Though it's not a requirements to use RPKI data natively on the router, you can also just use validated ROAs from an API, for example: http://localcert.ripe.net:8088...
I think the paragraph that says RPKI is complex and deployment has been slow is a lie, quite frankly.
The five Regional Internet Registries (RIRs) have been heavily involved in the RPKI system, because they are the authoritative source on who the legitimate holder of a certain IP address block is. They launched a service to facilitate RPKI on January 1st, 2011 and adoption has been incredibly good for such a cutting edge technology (for example compared to IPv6 and DNSSEC). Since the launch, more than 1500 ISPs and large organizations world-wide have opted-in to the system and requested a resource certificate. The service that the RIRs offer, along with several open source packages by third parties for management, ensure that network operators only have to worry about entering data and not any of the crypto, making it robust and easy to use.
With their certificate, an ISP can make a validatable claim – known as a Route Origin Authorisation (ROA) – about their prefixes, stating "As the holder of these IP prefixes, I authorize this Autonomous System to originate them". There are over 800 ROAs in the global system, describing more than 2000 prefixes ranging from/24s to/10s, totaling to almost 80 million IPv4 addresses. All in all, RPKI has really good traction and with native router support in Cisco, Juniper and Quagga, this is only getting better.
Global deployment statistics can be found here: http://certification-stats.ripe.net/
As a side curiosity, I wonder how many public IPv4 IPs are actually in use.
Check out figure 36 on this page: http://www.potaroo.net/tools/ipv4/ The green line is what has been assigned, the blue line is what is actually announced on the public internet. There are about 50/8s that have been assigned, but are not used on the public Internet (the purple line).
BTW, out of the 256/8s in IPv4, the maximum number of assignments that can be made is 220, the rest is reserved for other purposes.
Their whole business model, outside of printers, is to resell other companies products as their own brand.
This is not entirely true for printers either. Only the inkjet line is truly HP's own design. All of the laserjet engines are manufactured by Canon according to some design specs HP sets. The original Color Laserjet had a Konica Minolta engine, and so does the relatively new, but already ditched, digital copier line.
"I went on vacation, and forgot all about the switch," said Kenny LaGuardia, a Web designer from Los Angeles. "When I returned home, the program had posted, 'So I guess I'm dead' messages to all the newslists I subscribe to, and destroyed all my adult entertainment files."
Slashdot Mirror
A revoked certificate or a mess up by the RIR will *not* result in an unreachable network. It's possibly the biggest misconception about RPKI. http://mailman.nanog.org/piper...
That's a bit dramatic. It's a data set with statements about routing, it doesnt affect BGP directly, that's up to the operator who uses the data. The signatures are there so the user of the data can validate intergrity. If it turns out the system is being abused, operators will simply stop using RPKI data and fall back on whatever they use now (e.g. route objects in the IRR).
Actually it does exist: https://www.ripe.net/lir-servi... Wikipedia article is outdated.
Global RPKI deployment stats can be found here; Europe is doing pretty well, growing at a healthy pace: http://certification-stats.rip... As far as router support goes, Cisco and Juniper are doing a good job with support across the platforms: https://www.ripe.net/lir-servi... But with other vendors, RPKI support is pretty much non-existent. Though it's not a requirements to use RPKI data natively on the router, you can also just use validated ROAs from an API, for example: http://localcert.ripe.net:8088...
I think the paragraph that says RPKI is complex and deployment has been slow is a lie, quite frankly. The five Regional Internet Registries (RIRs) have been heavily involved in the RPKI system, because they are the authoritative source on who the legitimate holder of a certain IP address block is. They launched a service to facilitate RPKI on January 1st, 2011 and adoption has been incredibly good for such a cutting edge technology (for example compared to IPv6 and DNSSEC). Since the launch, more than 1500 ISPs and large organizations world-wide have opted-in to the system and requested a resource certificate. The service that the RIRs offer, along with several open source packages by third parties for management, ensure that network operators only have to worry about entering data and not any of the crypto, making it robust and easy to use. With their certificate, an ISP can make a validatable claim – known as a Route Origin Authorisation (ROA) – about their prefixes, stating "As the holder of these IP prefixes, I authorize this Autonomous System to originate them". There are over 800 ROAs in the global system, describing more than 2000 prefixes ranging from /24s to /10s, totaling to almost 80 million IPv4 addresses. All in all, RPKI has really good traction and with native router support in Cisco, Juniper and Quagga, this is only getting better.
Global deployment statistics can be found here: http://certification-stats.ripe.net/
As a side curiosity, I wonder how many public IPv4 IPs are actually in use.
Check out figure 36 on this page: http://www.potaroo.net/tools/ipv4/ The green line is what has been assigned, the blue line is what is actually announced on the public internet. There are about 50 /8s that have been assigned, but are not used on the public Internet (the purple line).
BTW, out of the 256 /8s in IPv4, the maximum number of assignments that can be made is 220, the rest is reserved for other purposes.
My 23" Cinema Display defaulted at 6700K, measured with an EyeOne. From what I understand, a difference of 300 Kelvin is impercievable.
Their whole business model, outside of printers, is to resell other companies products as their own brand.
This is not entirely true for printers either. Only the inkjet line is truly HP's own design. All of the laserjet engines are manufactured by Canon according to some design specs HP sets. The original Color Laserjet had a Konica Minolta engine, and so does the relatively new, but already ditched, digital copier line.
This solution is a lot nicer. A small LCD that fits in the case and can be hooked up to the TV out of your video card.