According to documentation the default operating mode of the RIPE NCC Validator is rpki.validator.strict-validation = false, this means that by default the validator operates in an insecure mode which is detrimental to the users of the software.
It is beyond me why I have to open so many tickets to encourage the developers of this software to produce something that is not an immediate and urgent risk to anyone using this software.
The text was updated successfully, but these errors were encountered:
We are implementing something that is compliant with the current RFCs. Also, given the discussion happening in SIDROPS and in issues of this project, it seems like not all the users are 100% comfortable with the change of the default behaviour. Testing shows that for some repositories (*.br, *.cn, *.tw) some amount (small hundreds) of VRPs will be rejected in the strict mode, so we are not especially comfortable with this change as well.
Most likely, we will switch to 'strict-by-default' behaviour in the upcoming release(s), but for now, with all the trade-offs we've chosen to keep the software back-compatible until there is new version RFC we can refer to in our implementation.
It is possible for RFCs to contain bugs, oversights, or insecure recommendations. Just like software, RFCs are produced by humans. An issue in an RFC is not a valid reason to deny your users a secure experience.
It is unfortunate that some users of the RPKI have produced data that cannot be validated, but that shouldn't stop you from protecting the actual users of your software - the relying parties running this validator.
You are literally saying that because some random CA somewhere did something wrong, you are shipping by-default-insecure software.
By saying that you will wait till a new RFC is published you say that you prioritise a flawed interpretation of RFC-compliance over actual object security.
Note that other RPKI cache implemtations just fixed the issues and moved on. The RIPE validator (which is not even used by RIPE NCC itself since the NCC doesn't do RPKI ROV in its own network) is the odd one out.
According to documentation the default operating mode of the RIPE NCC Validator is
rpki.validator.strict-validation = false, this means that by default the validator operates in an insecure mode which is detrimental to the users of the software.It is beyond me why I have to open so many tickets to encourage the developers of this software to produce something that is not an immediate and urgent risk to anyone using this software.
The text was updated successfully, but these errors were encountered: