Resource Public Key Infrastructure
Resource Public Key Infrastructure (RPKI) is a framework designed to secure the Border Gateway Protocol. RPKI provides a way to connect Internet number resource information to a trust anchor. Holders of number resources use RPKI to control the operation of Internet routing protocols to prevent route hijacking and other attacks.[1] RPKI, defined in RFC 6810, was proposed to authenticate the relationship between a prefix and its origin.
In an article on security issues and resolutions for RPKI, MANRS Fellow Dr. Bahaa Al-Musawi describes in detail the pros and cons of implementing RPKI,[2] which include:
Advantages:
- reduces route leaks
- prevents the propagation of invalid routes
- discards invalid routes
Problems:
- Rsync, an open-source tool, is the main way of distributing RPKI data; the repositories are vulnerable to Denial of Service attacks, and few rsync client libraries exist
- RPKI data is not guaranteed to be up to date