BSD Software Development

Bespoke solutions for mission-critical systems

Projects

The Erik Synchronization Protocol

The Resource Public Key Infrastructure (RPKI) is a critical component of the global Internet routing system: it plays a key role in safeguarding both national and international routing infrastructure. Expedient and reliable distribution of up-to-date RPKI data helps Internet providers make better BGP routing decisions.

With the Erik Synchronization Protocol we seek to develop a novel HTTP-based data replication system for the RPKI using Merkle trees, content-addressable naming, and concurrency control using monotonically increasing sequence numbers. The protocol's design is intended to be efficient, fast, and easy to implement. The goal of the project is to develop the Erik Synchronization Protocol specification as an open standard and produce open-source reference implementations based on rpkitouch and rpki-client.
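The three mechanisms named above, combined in a minimal replica-side acceptance check. This is an added illustration, not the Erik wire format and not code from rpkitouch or rpki-client. The hex SHA-256 naming, the tree construction, the `Replica` class and the sample objects are all assumptions.

```python
import hashlib

def cas_name(data: bytes) -> str:
    # Content-addressable name: the object is named by its own digest.
    return hashlib.sha256(data).hexdigest()

def merkle_root(names) -> str:
    # Leaves are the sorted object names; 0x00/0x01 prefixes separate leaf
    # hashes from interior hashes. An unpaired node is promoted unchanged.
    level = [hashlib.sha256(b"\x00" + bytes.fromhex(n)).digest() for n in sorted(names)]
    if not level:
        return hashlib.sha256(b"").hexdigest()
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0].hex()

class Replica:
    def __init__(self):
        self.serial = 0      # highest sequence number accepted so far
        self.objects = {}    # name -> object bytes

    def apply(self, serial: int, root: str, fetched: dict) -> None:
        # Validate everything first so a failed sync leaves old state intact.
        if serial <= self.serial:
            raise ValueError("stale or replayed snapshot")
        for name, data in fetched.items():
            if cas_name(data) != name:
                raise ValueError("object bytes do not match their name")
        if merkle_root(fetched) != root:
            raise ValueError("object set does not match advertised root")
        self.serial, self.objects = serial, dict(fetched)

# Constructed sample objects; real RPKI objects are DER-encoded.
SAMPLE = {cas_name(d): d for d in (b"constructed ROA", b"constructed manifest", b"constructed CRL")}

if __name__ == "__main__":
    r = Replica()
    r.apply(1, merkle_root(SAMPLE), SAMPLE)
    print("accepted serial", r.serial, "with", len(r.objects), "objects")
```

A replica built this way rejects a replayed snapshot, an object whose bytes were altered in transit, and a snapshot with an object silently withheld, and keeps its previous state in each case.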

Rpkitouch

The rpkitouch utility is a low-level tool intended for RPKI operators. The versatile utility can inspect Canonical Cache Representation (CCR) objects, generate content-addressable filesystem hierarchies, and set the last data modification time of a file to the timestamp internal to the contained RPKI object.

Visit the project's code repository here.

The rpki-client project

In 2018 we set out to create a new high-performance, secure, reliable, carrier-grade RPKI validated cache, released as BSD-licensed open source. The origin story is here.

The rpki-client utility queries the Resource Public Key Infrastructure (RPKI) repository system with a built-in HTTPS client (or Rsync) to fetch all X.509 certificates, manifests, and revocation lists subordinate to a given Trust Anchor. The utility subsequently validates each Signed Object by constructing and verifying a certification path for the certificate associated with the Object (including checking relevant CRLs). Rpki-client produces lists of the Validated ROA Payloads (VRPs), BGPsec Router Keys (BRKs), and Validated ASPA Payloads (VAPs) in various formats (JSON, CCR, etc.).

Rpki-client is at the forefront of innovation and is used by many telecom operators around the world.