RPKI

From ICANNWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Resource Public Key Infrastructure (RPKI) is a framework designed to secure the Border Gateway Protocol. RPKI provides a way to connect Internet number resource information to a trust anchor. Holders of number resources use RPKI to control the operation of Internet routing protocols to prevent route hijacking and other attacks.[1] Resource Public Key Infrastructure (RPKI), defined in RFC 6810, was proposed to authenticate the relationship between a prefix and its origination.

In an article on security issues and resolutions for RPKI, MANRS Fellow Dr. Bahaa Al-Musawi describes in detail the pros and cons of implementing RPKI,[2] which include:

Advantages:

  1. reduces route leaks
  2. prevents the propagation of invalid routes
  3. discards invalid routes

Problems:

  1. The open-source tool Rsync is the main way of distributing RPKI data; repositories are vulnerable to Denial of Service attacks, and few rsync client libraries exist
  2. Unguaranteed updated RPKI data

References

  1. Resource Certification, APNIC
  2. RPKI Security, MANRS
Retrieved from "https://icannwiki.org/index.php?title=RPKI&oldid=1312318"