krill 0.9.0

Resource Public Key Infrastructure (RPKI) daemon
Documentation
######################################################################################
#                                                                                    #
#                                      DATA                                          #
#                                                                                    #
######################################################################################

# Specify the directory where the publication server will store its data.
# Note that clustering through a shared data directory is not supported.
# But, we plan to look into a proper clustering solution later.
#
### data_dir = "./data"

# Specify the path to the PID file for Krill.
#
# Defaults to "krill.pid" under the 'data_dir' specified above.
#
### pid_file = "./data/krill.pid"


######################################################################################
#                                                                                    #
#                                     LOGGING                                        #
#                                                                                    #
######################################################################################

# Log level
#
# The maximum log level ("off", "error", "warn", "info", or "debug") for
# which to log messages.
#
# Defaults to "warn"
#
### log_level = "warn"

# Log type
#
# Where to log to. One of "stderr" for stderr, "syslog" for syslog, or "file"
# for a file. If "file" is given, the "log_file" field needs to be given, too.
#
### log_type = "file"

# Syslog facility
#
# The syslog facility to log to if syslog logging is used. Defaults to "daemon".
#
### syslog_facility = "daemon"

# Log file
#
# The path to the file to log to if file logging is used. If the path is
# relative, it is relative to the current working directory from which
# the binary is executed.
#
### log_file = "./krill.log"


######################################################################################
#                                                                                    #
#                                     ACCESS                                         #
#                                                                                    #
######################################################################################

# Admin Token
#
# Define an admin token that can be used to interact with the API. Token use
# is modelled after OAuth 2.0 Bearer Tokens (RFC 6750), which are expected be
# included as an HTTP header in requests by clients.
#
# If you do not specify a value here, the server will insist that you provide
# a token as an environment variable with the key "KRILL_ADMIN_TOKEN".
#
### admin_token =

# Specify the ip address and port number that the server will use.
#
# Note: we recommend that you use the defaults and use a proxy if you
# must make your Krill instance accessible remotely.
#
### ip             = "localhost"
### port           = 3000

# Specify the base public service URI hostname and port.
#
# The default service URI is set to https://localhost:3000/ regardless of the
# IP and port configured above (but matching their default). This is fine for
# simple setups where you use Krill to run your own CA only and you use the
# CLI from localhost.
#
# However, if you need to access Krill remotely, or if you are serving as a
# parent CA to others, then make sure that you use a public URI here *and* make
# sure that you use a proxy server with a proper HTTPS certificate in front of Krill.
#
# At present this MUST be an https URI with a hostname and optional port number only.
# It is not allowed to use a Krill specific path prefix. If you have a strong
# motivation for this, then please comment on the following github issue:
# https://github.com/NLnetLabs/krill/issues/263
#
# Krill UI, API and service URIs will be derived as follows:
#  <service_uri>api/v1/...                (api)
#  <service_uri>rfc6492                   (for remote children)
#  <service_uri>...                       (various UI resources)
### service_uri = "https://localhost:3000/"

######################################################################################
#                                                                                    #
#                                OTHER SEVER SETTINGS                                #
#                                                                                    #
######################################################################################


# CA certificate refresh rate
#
# This defines the rate, in seconds, for Krill CAs to to contact their parent
# CA and query for updates in resource entitlements.
#
# Defaults to 10 minutes
#
### ca_refresh = 600

# Enable loading BGP Dumps from RIS for ROA vs BGP analysis.
#
# bgp_risdumps_enabled = true
# bgp_risdump_v4_uri = http://www.ris.ripe.net/dumps/riswhoisdump.IPv4.gz
# bgp_risdump_v6_uri = http://www.ris.ripe.net/dumps/riswhoisdump.IPv6.gz

# Restrict size of messages sent to the API.
#
# Default 256 kB
#
### post_limit_api = 262144

# Restrict size of messages sent to the RFC 6492 up-down protocol. Only relevant
# if you operate Krill as a parent to other CAs.
#
# Default 1MB (enough for a keyroll with certs of ~400kb, the biggest known cert is 220kB)
#
### post_limit_rfc6492 = 1048576


######################################################################################
#                                                                                    #
#                --------======== DANGER ZONE ========--------                       #
#                                                                                    #
#  Do not change the options below, unless you are really certain that you need to   #
#  override Krill's default behaviour.                                               #
#                                                                                    #
######################################################################################


# Set the following to true to force Krill to always perform full rechecks
# of its data directories at startup. This is disabled by default because
# if can slow down startup significantly.
#
# By default Krill will do some basic checks at startup already, and if any
# errors are encountered force a full recovery automatically: Krill will try
# to load all its state in its internal memory cache at startup. If there are
# no errors in reloading the latest 'info' about the state, any surplus data
# will be assumed to be the result from an incompletely finished transaction - or -
# a data directory backup which was taken during a transaction. In either case
# additional data is discarded and the last (committed) state is recreated.
#
# Note that this 'recovery' will make Krill fall back to the last possible
# consistent state that it can. But, there may be important changes missing.
# For example any changes in ROAs made after the last recoverable state will
# be missing. You will have to verify the state yourself.
#
# In short: use this option only if you suspect that there is an issue with
# your backed up data. And if you do, you may want to set the ENV variable
# "KRILL_UPGRADE_ONLY" as well, in order to force that Krill exits after doing
# all its data checks and clean ups, and you have a chance to check the logs
# before proceeding.
#
### always_recover_data = false


#
#                               ROA Aggregation
#
# It is recommended that separate ROAs are used for each authorized prefix, even
# though the RFC allows for multiple prefixes for the same ASN to be combined on
# a single ROA object. The reason for this is that the ROA will become invalid
# if any of the listed prefixes no longer appears on your CA's certificate. Note
# that Krill will automatically clean up over-claiming ROAs when it finds that its
# resources have been shrunk, but there is a possible time window where ROAs can
# be invalid before Krill discovers the shrinkage.
#
# That said, if there would be too many ROAs then this will impact all RPKI
# validators, therefore Krill will by default start aggregating ROAs per ASN
# when more than 100 ROAs would be issued. Conversely, Krill will start de-
# aggregating again when the number of authorizations drops below 90.
#
# This behaviour can be overridden with the following directives:
# roa_aggregate_threshold = 100
# roa_deaggregate_threshold = 90


#
#                               Republication Intervals
#
# The RPKI uses Manifests (RFC 6486) to communicate the list of current RPKI
# objects (such as ROAs) to RPKI Validators. Manifests are used to protect against
# attacks, or incidents, where Validators only see a partial view of the RPKI
# repository. For this to work properly Validators will need to know how 'fresh'
# the Manifests are - otherwise they would be vulnerable to replay attacks where
# they are presented old versions of Manifests thus withholding them from discovering
# new RPKI objects.
#
# Manifests have two important dates included in them:
# 1- the 'next update time'
# 2- an expiration time
#
# When the next update time is passed manifests will become 'stale'. This means
# the Validators may either warn about the objects listed in these manifests, or
# they may even reject these objects altogether. There is current discussion about
# aligning this behaviour in the IETF - but for the moment the outcome will vary
# between Validator implementations.
#
# When the expiration time (not after time on the embedded EE certificate of the
# Manifest) passes, then the Manifest will be considered invalid by all Validator
# implementations.
#
# So, if Validators are subject to replay attacks of Manifests they will be
# unaware until these times have passed. After these times the Manifest and all
# listed RPKI objects will become invalid. When ROA objects become invalid, this
# typically means that the Route Announcement will be considered "Not Found", rather
# than invalid. So, typically they would not be dropped, but they are no longer
# protected by RPKI.
#
# One could therefore argue that short times should be used. However, if the times
# chosen are too short, then this will leave your CA vulnerable to possible
# operational issues with its RPKI repository - or outages of your CA itself.
#
# So, in short, the chosen values are a balance between the wish to limit the
# vulnerability to replay attacks vs the time an operator has to solve operational
# issues.
#
# Krill uses the following defaults:
#
# The "next update" time is 24 hours:
# timing_publish_next_hours = 24
#
# The "not after time" on the EE certificate is 7 days from issuance:
# timing_publish_valid_days = 7
#
# Krill will automatically re-publish new Manifests if they would become stale
# in 8 hours. Because re-publication happens hourly, this leaves the operator
# with a minimum of 7 hours to fix issues if re-publication should fail.
# timing_publish_hours_before_next = 8


#
#                 ROA and Delegate Certificate Times
#
# Krill will issue ROAs, and child CA certificates if you have delegated resources
# to child CAs, with a "not after" time of 52 weeks from issuance, and it will
# re-issue those ROAs and certificates 4 weeks before they would expire.
#
# Because of the automatic renewal there should be no real need to use longer
# validity times. In fact using longer times could have a negative impact on
# Validator performance because the Certificate Revocation Lists would become
# bigger.
#
# So, we do NOT recommend overriding the following values, except perhaps for
# testing purposes:
# timing_child_certificate_valid_weeks = 52
# timing_child_certificate_reissue_weeks_before = 4
# timing_roa_valid_weeks = 52
# timing_roa_reissue_weeks_before = 4