'''Resource Public Key Infrastructure''' (RPKI) is a framework designed to secure the [[BGP|Border Gateway Protocol]]. RPKI provides a way to connect Internet number resource information to a trust anchor. Holders of number resources use RPKI to control the operation of Internet routing protocols to prevent route hijacking and other attacks.<ref>[https://www.apnic.net/community/security/resource-certification/ Resource Certification, APNIC]</ref>
RPKI, defined in RFC 6810, was proposed to authenticate the relationship between a prefix and its origin.
In an article on security issues and resolutions for RPKI, [[MANRS]] Fellow Dr. [[Bahaa Al-Musawi]] describes in detail the pros and cons of implementing RPKI,<ref>[https://www.manrs.org/2021/04/2-security-issues-with-rpki-and-how-to-fix-them/ RPKI Security, MANRS]</ref> which include:
''Advantages'':
# reduces route leaks
# prevents the propagation of invalid routes
# discards invalid routes
''Problems'':
# The open-source tool [[Rsync]] is the main way of distributing RPKI data; repositories are vulnerable to [[DoS Attack|Denial of Service attacks]], and few rsync client libraries exist
# There is no guarantee that RPKI data is up to date
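The following sketch is an added example, not code from the cited article or from any RPKI software. It shows how a router-side check can classify a BGP announcement against authorized prefix and origin pairs and discard the invalid ones, and how an out-of-date copy of the data changes the result. The <code>ROA</code> record, the function names, the documentation prefixes and AS numbers, and the policy of keeping routes with no covering record are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):          # hypothetical record: one authorized origin
    prefix: str                 # prefix the holder authorized
    max_length: int             # longest prefix length that may be announced
    asn: int                    # AS allowed to originate it

def validate_origin(route_prefix, origin_asn, roas):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # Skip records of the other address family or that do not cover the route.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some record but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def filter_routes(routes, roas):
    """Discard 'invalid' routes; keep 'valid' and 'not-found' (assumed policy)."""
    return [r for r in routes if validate_origin(r[0], r[1], roas) != "invalid"]

# Constructed sample data (documentation prefixes and AS numbers).
ROAS_CURRENT = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 24, 64497),
    ROA("2001:db8::/32", 48, 64496),
]
# Constructed older snapshot: 198.51.100.0/24 was still authorized to AS64511.
ROAS_STALE = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 24, 64511),
]
ROUTES = [
    ("192.0.2.0/24", 64496),      # matches a record
    ("192.0.2.0/25", 64496),      # more specific than max_length allows
    ("192.0.2.0/24", 64500),      # covered prefix, unauthorized origin
    ("203.0.113.0/24", 64498),    # no covering record
    ("198.51.100.0/24", 64497),   # legitimate under the current data
    ("2001:db8:1::/48", 64496),   # IPv6, within max_length
]

if __name__ == "__main__":
    for name, roas in (("current", ROAS_CURRENT), ("stale", ROAS_STALE)):
        for prefix, asn in ROUTES:
            print(name, prefix, f"AS{asn}", validate_origin(prefix, asn, roas))
```

With the stale snapshot, the legitimate announcement of 198.51.100.0/24 by AS64497 is classified as invalid and dropped, which is why the freshness of the validator's data matters.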
==References==