Difference between pages "George Michaelson" and "RPKI"
(Created page with "{{People |portrait=George_michaelson.jpg |caricature=George MichaelsonComing1.jpg |organization=APNIC |jobtitle=Senior Research and Development Officer |gender=Male |region=A...") |
(Created page with "'''Resource Public Key Infrastructure''' (RPKI) is a framework designed to secure the Border Gateway Protocol. RPKI provides a way to connect Internet number resource...") |
||
Line 1: | Line 1: | ||
− | + | '''Resource Public Key Infrastructure''' (RPKI) is a framework designed to secure the [[BGP|Border Gateway Protocol]]. RPKI provides a way to connect Internet number resource information to a trust anchor. Holders of number resources use RPKI to control the operation of Internet routing protocols to prevent route hijacking and other attacks.<ref>[https://www.apnic.net/community/security/resource-certification/ Resource Certification, APNIC]</ref> | |
− | + | Resource Public Key Infrastructure (RPKI), defined in RFC 6810, was proposed to authenticate the relationship between a prefix and its origination. | |
− | + | ||
− | + | In an article on security issues and resolutions for RPKI, [[MANRS]] Fellow Dr. [[Bahaa Al-Musawi]] describes in detail the pros and cons of implementing RPKI,<ref>[https://www.manrs.org/2021/04/2-security-issues-with-rpki-and-how-to-fix-them/ RPKI Security, MANRS]</ref> which include: | |
− | + | ||
− | + | ''Advantages'': | |
− | + | # reduces route leaks | |
− | + | # prevents the propagation of invalid routes | |
− | + | # discards invalid routes | |
− | + | ||
− | + | ''Problems'': | |
− | + | # The open-source tool [[Rsync]] is the main way of distributing RPKI data; repositories are vulnerable to [[DoS Attack|Denial of Service attacks]], and few rsync client libraries exist | |
− | ''' | + | # Unguaranteed updated RPKI data |
− | + | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==References== | ==References== |
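Review bot: the sentence added directly after the opening paragraph spells out "Resource Public Key Infrastructure (RPKI)" a second time, immediately after the first sentence has defined it, and its "defined in RFC 6810" claim carries no <ref> although the other two sourced statements in this revision have one. Suggest shortening it to "RPKI, defined in RFC 6810, was proposed to ..." and adding a reference for the RFC so the number can be checked against the document itself. In the ''Problems'' list, "Unguaranteed updated RPKI data" is a fragment; "no guarantee that RPKI data is up to date" reads more clearly. The ''Advantages'' items also start lower-case while the ''Problems'' items are capitalised.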
Latest revision as of 16:59, 12 May 2021
Resource Public Key Infrastructure (RPKI) is a framework designed to secure the Border Gateway Protocol. RPKI provides a way to connect Internet number resource information to a trust anchor. Holders of number resources use RPKI to control the operation of Internet routing protocols to prevent route hijacking and other attacks.[1] RPKI, defined in RFC 6810, was proposed to authenticate the relationship between a prefix and its origin.
In an article on security issues and resolutions for RPKI, MANRS Fellow Dr. Bahaa Al-Musawi describes in detail the pros and cons of implementing RPKI,[2] which include:
Advantages:
- reduces route leaks
- prevents the propagation of invalid routes
- discards invalid routes
Problems:
- The open-source tool Rsync is the main way of distributing RPKI data; repositories are vulnerable to Denial of Service attacks, and few rsync client libraries exist
- No guarantee that RPKI data is up to date