[sidr] Can you help us measure validation statistics for the current rpki infrastructure?
Tim Bruijnzeels <tim@ripe.net> Thu, 10 May 2012 10:06 UTC
Return-Path: <tim@ripe.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6B3C21F8631 for <sidr@ietfa.amsl.com>; Thu, 10 May 2012 03:06:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MTJ6f2JB1foa for <sidr@ietfa.amsl.com>; Thu, 10 May 2012 03:06:04 -0700 (PDT)
Received: from postlady.ripe.net (postlady.ipv6.ripe.net [IPv6:2001:67c:2e8:11::c100:1341]) by ietfa.amsl.com (Postfix) with ESMTP id C363E21F8540 for <sidr@ietf.org>; Thu, 10 May 2012 03:06:03 -0700 (PDT)
Received: from ayeaye.ripe.net ([193.0.23.5]) by postlady.ripe.net with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1SSQG2-0000uk-0J for sidr@ietf.org; Thu, 10 May 2012 12:06:03 +0200
Received: from s258-sslvpn-1.ripe.net ([193.0.20.231] helo=vpn-164.ripe.net) by ayeaye.ripe.net with esmtps (TLSv1:AES128-SHA:128) (Exim 4.72) (envelope-from <tim@ripe.net>) id 1SSQG1-0001Yq-NQ; Thu, 10 May 2012 12:06:01 +0200
From: Tim Bruijnzeels <tim@ripe.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 10 May 2012 12:03:30 +0200
To: "sidr@ietf.org wg" <sidr@ietf.org>
Message-Id: <BB4CC4D8-4C07-42A6-8378-2461854BF7E6@ripe.net>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.48/RELEASE, bases: 20120425 #7816066, check: 20120510 clean
X-RIPE-Spam-Level: --
X-RIPE-Spam-Report: Spam Total Points: -2.9 points pts rule name description ---- ---------------------- ------------------------------------ -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
X-RIPE-Signature: 784d7acfe6559f2a0b602ec6519a0719b77beba8ececc755dd6ae6cb7f0d388d
Subject: [sidr] Can you help us measure validation statistics for the current rpki infrastructure?
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2012 10:06:04 -0000
Hi, As you know there are discussions about the rpki repository and validation standards and infrastructure. There was some discussion and people suggested that we (as a wg) should do more, distributed, measurements. To help this effort we have now built a statistics feedback option in our validator. If enabled it will gather statistics on the following and send them to us after every validation run (per TA configured): = availability of rsync repositories = reachability of rsync TA repositories over IPv4 vs IPv6 = total time it takes to do a full validation for a trust anchor = frequency of finding inconsistencies for any CA where an object mentioned on the mft can not be found, or the mft is out of sync with some object(s) = some statistic about your system (OS, java version, memory, your public ip address) to help us uniquely identify instances and see if any of these parameters influence the performance of our tool in other ways (i.e. this may be needed to reduce noise in measurement analysis) So, I would like to invite everyone interested on this list to download our validator and leave it running on a server with this feedback option enabled. New version can be downloaded here: https://certification.ripe.net/content/public-repo/releases/net/ripe/rpki-validator/rpki-validator-app/2.3/rpki-validator-app-2.3-bin.zip It should work fine on a linux system with openjdk 6 or 7 and rsync, and preferably 1 GB of memory. Thanks, Tim
- [sidr] Can you help us measure validation statist… Tim Bruijnzeels