[Community-Discuss] 06 April 2019 RPKI incident - Postmortem report
sfolayan at gmail.com
Wed Apr 10 13:23:57 UTC 2019
Better understood, the offline portion of the process.
A simple Nagios plugin can be bright yellow 7 days to doomsday and blood
red, three days to doomsday. Visible to all devops.
Email is just too basic as an alert.
On Wed, Apr 10, 2019, 14:11 Daniel Shaw via Community-Discuss <
community-discuss at afrinic.net> wrote:
> Hi Mark, Saul, Sunday, all,
> I suppose that Cedrick or other staff may possibly reply in due course
> with more details as regards this specific implementation of a CA (aka the
> AFRINIC RPKI CA). However let me respond a bit generally about the reason
> to have an offline portion of a CA.
> Ultimately, a CA involves certificates and crypto as we all know. And this
> needs keys, including private keys. The integrity of the entire system
> below the CA depends on the top level private keys being ... private.
> To automate anything the system doing the automation needs to connect to
> the system being automated. In other words everything has to be "online" to
> an extent. The thinking, generally, is that anything that is connected to
> other things has the potential, however small the chance to be compromised.
> Therefore, the best way to ensure absolute and certain privacy of the
> all-important private key material is to "air-gap" it.
> And thus it follows that when something else needs to be signed/verified
> using these offline keys, you also don't want to copy them online, even
> briefly and so you do the work offline and then copy the results back
> online. It is this copy - bridging the air gap - that requires a human.
> Put another way: You can't really automate sneaker-net.
> - Daniel
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday, April 10, 2019 8:32 AM, Mark Tinka <mark.tinka at seacom.mu>
> Thanks, Cedrick.
> A question that is, perhaps, obvious... are you able to take the human
> component out of this?
> Community-Discuss mailing list
> Community-Discuss at afrinic.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Community-Discuss