Resource Public Key Infrastructure

From ICANNWiki

Resource Public Key Infrastructure (RPKI) is a framework designed to secure the Border Gateway Protocol (BGP). RPKI provides a way to connect Internet number resource information to a trust anchor. Holders of number resources use RPKI to control the operation of Internet routing protocols to prevent route hijacking and other attacks.[1] RPKI, defined in RFC 6810, was proposed to authenticate the relationship between a prefix and its origination.
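How a router can check a prefix against its origin and discard invalid routes, as an added example that is not part of the original article: it follows the route origin validation procedure of RFC 6811, which classifies each route as valid, invalid or not-found. The VRP table, prefixes (documentation ranges) and AS numbers (private-use range) are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of validated ROA payloads (VRPs):
# (authorized prefix, maximum prefix length, authorized origin AS).
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

# Constructed sample BGP announcements: (prefix, origin AS).
ROUTES = [
    ("192.0.2.0/24", 64500),       # matches a VRP exactly
    ("192.0.2.0/24", 64511),       # covered, but wrong origin AS
    ("192.0.2.0/25", 64500),       # right origin, longer than max length
    ("2001:db8:1::/48", 64501),    # more specific, within max length
    ("203.0.113.0/24", 64502),     # no VRP covers this prefix
]


def validate_origin(prefix, origin_as, vrps=VRPS):
    """Classify a route as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A covering VRP matches only if the origin AS agrees and the
        # announcement is not more specific than the holder allowed.
        # AS 0 in a VRP never matches any route.
        if vrp_as != 0 and origin_as == vrp_as and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched means someone else holds the prefix: invalid.
    return "invalid" if covered else "not-found"


def filter_routes(routes, vrps=VRPS):
    """Apply a 'drop invalid' policy; keep valid and not-found routes."""
    kept = []
    for prefix, origin_as in routes:
        state = validate_origin(prefix, origin_as, vrps)
        if state != "invalid":
            kept.append((prefix, origin_as, state))
    return kept
```

Routes with no covering VRP are kept as not-found rather than dropped, because most address space has no RPKI data published for it; only routes that contradict a published authorization are discarded.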

In an article on security issues and resolutions for RPKI, MANRS Fellow Dr. Bahaa Al-Musawi describes in detail the pros and cons of implementing RPKI,[2] which include:

Advantages:

  1. reduces route leaks
  2. prevents the propagation of invalid routes
  3. discards invalid routes

Problems:

  1. The open-source tool rsync is the main way of distributing RPKI data; repositories are vulnerable to denial-of-service attacks, and few rsync client libraries exist
  2. No guarantee that RPKI data is up to date

References