On Fri, Nov 20, 2020 at 12:02:04PM -0500, Tom Beecher wrote:
> In before snark of "OMG "http" links to RPKI info HURF BLURF!"

But Tom, that is exactly the whole point of the RPKI :-)

It's funny, but true! You really can safely use the RPKI data from the console website in your own production environment, even after it has been transported via mere HTTP - provided you have the TAL files to build the chain of trust.

This also applies to the console's HTML itself: if you have the TAL files + rpki-client + rsync + the openssl cli utility + ksh + perl, you can generate any of the pages yourself and thus confirm their authenticity and integrity.

Of course I don't expect anyone to jump through those hoops, but the source code is here: https://github.com/job/console.rpki-client.org

I'll concede HTTPS does provide some privacy while looking at these gorgeous ASN.1 data structures ;-)

Kind regards,

Job