[sig-routing] prop-059: Using the Resource Public Key Infrastructure to

  • To: APNIC Routing SIG <sig-routing at lists dot apnic dot net>
  • Subject: [sig-routing] prop-059: Using the Resource Public Key Infrastructure to construct validated IRR data
  • From: Philip Smith <pfs at cisco dot com>
  • Date: Thu, 03 Apr 2008 21:34:08 +1000
  • Organization: Cisco Systems
  • Reply-to: sig-routing@lists.apnic.net
Dear SIG members

The proposal 'Using the Resource Public Key Infrastructure to construct
validated IRR data' has been sent to the Routing SIG for review. It will
be presented at the Routing SIG at APNIC 26 in Christchurch, New
Zealand, 25-29 August 2008.

The proposal's history can be found at:

We invite you to review and comment on the proposal on the mailing list
before the meeting.

The comment period on the mailing list before an APNIC meeting is an
important part of the policy development process. We encourage you to
express your views on the proposal:

     - Do you support or oppose this proposal?
     - Does this proposal solve a problem you are experiencing? If so,
       tell the community about your situation.
     - Do you see any disadvantages in this proposal?
     - Is there anything in the proposal that is not clear?
     - What changes could be made to this proposal to make it more

Philip Smith
Routing SIG Chair
prop-059-v001: Using the Resource Public Key Infrastructure to
               construct validated IRR data

Author:    Randy Bush
Version:   1
Date:      31 March 2008

1.  Introduction

This is a proposal to introduce a new registry that augments Internet
Routing Registry (IRR) data with the formally verifiable trust model of
the Resource Public Key Infrastructure (RPKI) and provide ISPs with the
tools to generate an overlay to the IRR which is much more strongly
2.  Summary of current problem

The current methods for adding or updating Internet Routing Registry
(IRR) data have weak security, and lack an inherently formally
verifiable structure, resulting in a low level of trust in IRR data.

To address the problem of this low level of trust in IRR data, there
have been proposals to use Resource Public Key Infrastructure (RPKI) to
sign IRR data. The problem with most of the proposed schemes, however,
is that they are conceptually weak and hard to implement due to the
differences between the trust structures of the IRR and the RPKI.

More recently, however, Ruediger Volk has described a very simple method
of using the RPKI that involves no change to the IRR, software that uses
the IRR, or the RPKI.

This is a proposal to implement Ruediger Volk's idea to strengthen the
operators' use of data in the global IRR.

3.   Situation in other RIRs

This proposal has yet to be made in any other RIR.
4.   Details of the proposal

It is proposed that:

4.1 APNIC publish a new IRR that contains 'route' objects generated from
    Route Origin Authorizations (ROAs) in the RPKI.

    - This new IRR would accept 'route' objects generated from the
      global RPKI, and would therefore cover the entire routing space,
      in so much as the RPKI covers the global space.

    - Operators who use the IRR to generate routing filters can choose
      to put this new IRR registry logically in front of the other
      registries. Operators can then give preference to routing origin
      information that can be formally validated.

    - This new registry would be made available as an IRR publication

4.2 APNIC publish an open source tool that enables network operators to
    generate their own overlay IRR publication points themselves.

    - Such generated IRR publication points should be identical to the
      one generated and made available by APNIC.

    - Producing overlay IRR publication points allows security
      conscious operators to have a more formal trust model that
      prevents attacks on the IRR segment generated and served by
5.   Advantages and disadvantages of the proposal

Advantages:

- Router filters would be more reliable as they would prefer RPKI
  validated origins, where available, rather than those not validated
  in the RPKI.

  ISPs would achieve this by configuring tools that automatically
  generate router filters to give priority to the IRR publication point
  of the new registry based on RPKI-signed objects.

- The community will have an enhanced ability to filter BGP peer
  prefixes at no additional cost or changes to the data or tool bases.
  This would increase the reliability of the global routing system.

- This new IRR publication point would be much simpler than other
  current ideas about how to use RPKI in conjunction with IRR data.

- This proposal requires no changes to RPSL, the IRR, IRR toolsets, or
  the RPKI.

Disadvantages:

- None are known.

6.   Effect on APNIC members

See 'Advantages' above.

7.   Effect on NIRs

None are known.
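The mechanism in sections 4.1 and 4.2 (turn validated ROAs into RPSL 'route' objects, then let a filter generator consult that registry ahead of conventional IRR sources) can be shown end to end with a small script. The following is an added example written for this archive page; it is not the proposal's text, nor the tool APNIC was asked to publish. It assumes the RPKI validator has already reduced ROAs to (prefix, maxLength, origin ASN) tuples, and every ROA, IRR object, ASN and registry name in it is constructed sample data (documentation prefixes and private ASNs), not real routing data. The `RouteObject` class, `roas_to_route_objects`, `overlay_lookup` and `build_prefix_filter` are names chosen here for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of validated ROA payloads: (prefix, maxLength, origin ASN).
# Real ROAs are signed RPKI objects; we assume a validator already emitted
# this simplified list. All values are made up (RFC 5737/3849 prefixes,
# RFC 5398 ASNs) for the example.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

# Constructed sample of conventional IRR route objects: (prefix, origin, source).
# The first entry is a deliberately conflicting claim on 192.0.2.0/24 by an
# ASN that the ROA above does not authorise.
SAMPLE_IRR = [
    ("192.0.2.0/24", 64511, "IRR-A"),
    ("203.0.113.0/24", 64500, "IRR-A"),
]


@dataclass(frozen=True)
class RouteObject:
    """Minimal RPSL route/route6 object keyed on (prefix, origin)."""
    prefix: str
    origin: int
    source: str
    remarks: str = ""

    def to_rpsl(self) -> str:
        cls = "route6" if ":" in self.prefix else "route"
        lines = [f"{cls}:  {self.prefix}", f"origin: AS{self.origin}"]
        if self.remarks:
            lines.append(f"remarks: {self.remarks}")
        lines.append(f"source: {self.source}")
        return "\n".join(lines) + "\n"


def roas_to_route_objects(roas, source="RPKI-IRR", expand_limit=2):
    """Convert (prefix, maxLength, asn) ROA payloads into route objects.

    A ROA authorises its prefix and every more-specific up to maxLength, but a
    route object names exactly one prefix. We always emit the ROA prefix; if the
    maxLength span is small (<= expand_limit bits) we also emit every covered
    more-specific, otherwise we only record the span in 'remarks' so that a
    wide ROA does not explode into thousands of objects.
    """
    objects = []
    for prefix, max_len, asn in roas:
        net = ipaddress.ip_network(prefix, strict=True)
        if max_len < net.prefixlen or max_len > net.max_prefixlen:
            raise ValueError(f"bad maxLength {max_len} for {prefix}")
        objects.append(RouteObject(str(net), asn, source,
                                   f"from ROA, maxLength {max_len}"))
        span = max_len - net.prefixlen
        if 0 < span <= expand_limit:
            for length in range(net.prefixlen + 1, max_len + 1):
                for sub in net.subnets(new_prefix=length):
                    objects.append(RouteObject(str(sub), asn, source,
                                               f"more-specific covered by ROA {net}"))
    return objects


def overlay_lookup(prefix, rpki_objects, irr_objects):
    """Answer for one prefix with the RPKI-derived registry logically in front:
    if it holds any object for the prefix, conventional IRR data is not consulted."""
    front = [o for o in rpki_objects if o.prefix == prefix]
    if front:
        return front
    return [o for o in irr_objects if o.prefix == prefix]


def build_prefix_filter(asn, rpki_objects, irr_objects):
    """Prefixes an operator's generated filter would accept from origin `asn`.

    A conventional IRR claim is shadowed whenever the RPKI-derived registry
    carries the same prefix with a different, formally validated origin.
    """
    candidates = {o.prefix for o in list(rpki_objects) + list(irr_objects)
                  if o.origin == asn}
    allowed = set()
    for prefix in sorted(candidates):
        if any(o.origin == asn
               for o in overlay_lookup(prefix, rpki_objects, irr_objects)):
            allowed.add(prefix)
    return allowed


if __name__ == "__main__":
    rpki = roas_to_route_objects(SAMPLE_ROAS)
    irr = [RouteObject(p, a, s) for p, a, s in SAMPLE_IRR]
    for obj in rpki:
        print(obj.to_rpsl())
    for asn in (64496, 64497, 64500, 64511):
        print(f"AS{asn}: {sorted(build_prefix_filter(asn, rpki, irr))}")
```

Run as-is, the script prints the generated registry and then a per-origin filter: AS64511's conflicting IRR-A claim on 192.0.2.0/24 yields nothing because the RPKI-derived object for that prefix sits in front, while AS64500's 203.0.113.0/24, for which no ROA exists, still comes through from the conventional IRR exactly as the proposal's "where available" wording implies. The maxLength expansion limit is the design choice worth noting: without it, one ROA covering a /16 with maxLength 24 would emit hundreds of route objects, so a real tool needs an explicit policy here.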