APNIC Resource Certification Service
Tuan Nguyen
Issue Date: [31 May 2014]
Revision: [4]
Internet Routing Security
•  Routing security is essential to the integrity of the Internet
–  Need to improve security of inter-domain routing
•  Who has the authority to advertise information into the routing system?
•  The majority of network relationships are based on a system of mutual trust
–  Each party trusts that routes used to transmit information are safe
•  The trust model is increasingly open to potential abuse and attack
About RPKI
•  An architecture to support improved security of Internet routing using PKI infrastructure
•  A robust security framework for verifying the association between resource holders and their Internet resources
–  “Cryptographically verifiable attestations” for IP address delegations and their use
•  This architecture is called Resource Public Key Infrastructure (RPKI)
Resource Delegation Hierarchy
[Diagram: IANA at the top; below it the RIRs AFRINIC, RIPE NCC, ARIN, APNIC and LACNIC; below those NIR1 and NIR2; ISPs at the lower levels]
About RPKI
•  “Trustable authority” mirrors the administrative resource allocation hierarchy with certificates that match current resource delegations
•  A resource holder operating a sub-delegation registry (for example, an LIR) may use an RPKI system to generate certificates that correspond to these delegations
–  Grant a unique “right-of-use” for the associated set of IP resources
About RPKI
•  These certificates are called resource certificates and they conform to X.509 PKIX standards
•  RPKI is not used to validate attestations of an individual’s identity or that individual’s role, but as a means to validate that person’s authority to use IP address resources
•  An RPKI resource certificate is required to enable a resource holder to issue “Route Origination Authorizations” (ROAs)
What is a ROA?
•  It is a digital object that contains a list of address prefixes and one AS number
•  It is an authority created by a prefix holder to authorize an AS number to originate one or more specific route advertisements
•  It does not contain any routing policy information, nor does it convey whether or not the AS holder has even consented to actually announce the prefix(es) into the routing system
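
How a relying party can use ROAs to check who originates a route, as an added example that is not part of the original slides. It goes beyond the slide by using the optional maximum prefix length of the ROA profile (RFC 6482) and the valid / invalid / not-found outcomes of RFC 6811; the names `ROA`, `validate_origin` and `audit`, and the sample prefixes and AS numbers (documentation ranges), are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ROA:
    """One ROA: a single origin AS plus the prefixes it may originate."""
    asn: int
    # Each entry is (prefix, max_length). max_length None means only the
    # exact prefix length is authorized (the RFC 6482 default).
    prefixes: Tuple[Tuple[str, Optional[int]], ...]


# Constructed sample data: documentation prefixes and documentation ASNs.
ROAS = [
    ROA(64496, (("192.0.2.0/24", None), ("2001:db8::/32", 48))),
    ROA(64497, (("198.51.100.0/24", 24),)),
]


def validate_origin(route_prefix: str, origin_asn: int, roas: List[ROA]) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'not-found'.

    valid     - some ROA covers the prefix, names this origin AS, and the
                announced prefix is no longer than the ROA's max length
    invalid   - at least one ROA covers the prefix, but none matches
    not-found - no ROA covers the prefix at all
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        for prefix, max_len in roa.prefixes:
            net = ipaddress.ip_network(prefix)
            # subnet_of() raises TypeError across IP versions, so test first.
            if net.version != route.version or not route.subnet_of(net):
                continue
            covered = True
            limit = net.prefixlen if max_len is None else max_len
            if roa.asn == origin_asn and route.prefixlen <= limit:
                return "valid"
    return "invalid" if covered else "not-found"


def audit(announcements: List[Tuple[str, int]], roas: List[ROA]):
    """Return the announcements that are not 'valid', with their state.

    'valid' only means the prefix holder authorized this origin AS. As the
    slide notes, a ROA carries no routing policy and says nothing about
    whether the AS holder agreed to announce the prefix.
    """
    findings = []
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        if state != "valid":
            findings.append((prefix, asn, state))
    return findings


if __name__ == "__main__":
    # Constructed announcements, as (prefix, origin AS) pairs.
    seen = [
        ("192.0.2.0/24", 64496),       # authorized origin, exact length
        ("192.0.2.0/24", 64511),       # covered prefix, wrong origin AS
        ("192.0.2.128/25", 64496),     # right AS, more specific than allowed
        ("2001:db8:1::/48", 64496),    # within max length 48
        ("203.0.113.0/24", 64496),     # no ROA covers this prefix
    ]
    for finding in audit(seen, ROAS):
        print(finding)
```
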
APNIC’s RPKI Service
•  Enhancement to the RIRs
–  Offers verifiable proof of resource holdings
•  Resource certification is an opt-in service
–  Resource holders choose to request a certificate and provide their public key to be certified
•  APNIC has integrated the RPKI management service into MyAPNIC for APNIC Member use
What you need to know
•  You are encouraged to experiment, test, play and develop
–  For example, you can create your ROAs
•  RPKI standards are still being developed, and the operating environment for RPKI use is still fragile
•  It’s ready for testing and prototyping, but is probably not ready for production use just yet
•  Please tell us what you find but don’t rely on it in your network yet
MyAPNIC - Resource
Certification Service
MyAPNIC-Resource Certification
[Slides 11 to 16: images only, not reproduced in this text]
More RPKI Information
•  Securing BGP
–  The Internet Protocol Journal, Volume 14, No. 2
•  An Infrastructure to Support Secure Internet Routing
–  RFC6480
•  A Reappraisal of Validation in the RPKI
–  labs.apnic.net/blabs
•  An Introduction to Routing Security (and RPKI tools)
–  labs.apnic.net/presentations/store/2013-05-13-rpki.pdf
•  MyAPNIC Resource Certification Guide
–  www.apnic.net/myapnic
Questions or Comments?
THANK YOU