Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.

Slides:



Advertisements
Similar presentations
RPKI Standards Activity Geoff Huston APNIC February 2010.
Advertisements

Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN SSAC Meeting, March 2008.
The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.
1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.
Introduction to ARIN and the Internet Registry System.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
RPKI Certificate Policy Status Update Stephen Kent.
Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.
December 2013 Internet Number Resource Report. December 2013 Internet Number Resource Report INTERNET NUMBER RESOURCE STATUS REPORT As of 31 December.
March 2014 Internet Number Resource Report. March 2014 Internet Number Resource Report INTERNET NUMBER RESOURCE STATUS REPORT As of 31 March 2014 Prepared.
RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
ROAs and Detecting “Bad” Originations Geoff Huston SIDR WG IETF 74.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
A PKI For IDR Public Key Infrastructure and Number Resource Certification AUSCERT 2006 Geoff Huston Research Scientist APNIC.
Customer Confidentiality Draft Policy Origin (Proposal 95)9 June 2009 Draft Policy (successfully petitioned) 2 February 2010 Aaron Wendel has.
Progress Report on resource certification February 2007 Geoff Huston Chief Scientist APNIC.
Resource Certification What it means for LIRs Alain P. AINA Special Project Manager.
Progress Report on APNIC Trial of Certification of IP Addresses and ASes APNIC 22 September 2006 Geoff Huston.
The Resource Public Key Infrastructure Geoff Huston APNIC.
APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.
1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.
RPKI Tutorial Andy Newton Chief Engineer, ARIN. Agenda Resource Public Key Infrastructure(RPKI) Route Origin Authorizations (ROAs) Certificate Authorities.
Desired IRR Operational Model ~IRR/Whois Interaction~ Kuniaki Kondo (JPNIC IRR Workshop/IIJ) Ikuo Nakagawa (Intec) Takashi Arano (Asia Global Crossing)
Using Resource Certificates Progress Report on the Trial of Resource Certification October 2006 Geoff Huston Chief Scientist APNIC.
Using Resource Certificates Progress Report on the Trial of Resource Certification October 2006 Geoff Huston APNIC.
Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.
Using Resource Certificates Progress Report on the Trial of Resource Certification November 2006 Geoff Huston APNIC.
1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.
Updates to the RPKI Certificate Policy I-D Steve Kent BBN Technologies.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Update ARIN-VII San Francisco, April 2001.
Policies for ASN Management in the Asia Pacific Region – Revised Draft Address Policy SIG APNIC14, Kitakyushu, Japan 4 Sept 2002.
1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.
Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.
Securing the Internet Backbone: Current activities in the IETF’s Secure InterDomain Routing Working Group Geoff Huston Chief Scientist, APNIC.
1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.
Current Policy Topics Emilio Madaio RIPE NCC RIPE November 2010, Rome.
Using Resource Certificates Progress Report on the Trial of Resource Certification October 2006 Geoff Huston APNIC.
Prop-077: Proposal to supplement transfer policy of historical IPv4 addresses Wendy Zhao Wei, Jane Zhang & Terence Zhang Yinghao.
1 APNIC Open Address Policy Meeting Special Interest Group Session March 2nd, Korea, Seoul.
Securing BGP: The current state of RPKI
Auto-Detecting Hijacked Prefixes?
Auto-Detecting Hijacked Prefixes?
November 2006 Geoff Huston APNIC
Addressing 2015 Geoff Huston APNIC.
RPKI Trust Anchor Geoff Huston APNIC.
APNIC Trial of Certification of IP Addresses and ASes
Some Thoughts on Integrity in Routing
APNIC Trial of Certification of IP Addresses and ASes
IPv6 Address Space Management Report of IPv6 Registry Simulation
Resource Certificate Profile
Downstream Allocations by LIRs A Proposal
IPv6 Address Space Management Report of IPv6 Registry Simulation
Progress Report on Resource Certification
October 2006 Geoff Huston APNIC
ROA Content Proposal November 2006 Geoff Huston.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006
News from APNIC ARIN XXII 16 October 2008.
Presentation transcript:

Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC

Objective To create a robust framework that allows validation of assertions relating to IP addresses and ASNs and their use and To make it easier for anyone to see if someone is lying about actual control over addresses and/or routing!

Uses Signing of IRR entries “Yes, I am the right-of-use holder and that’s precisely the information I entered into the IRR.” Signing of Routing Origination “Yes, I am the right-of-use holder for this address prefix and I am permitting ASx to originate a route to this address prefix.” Signing of Route Requests “Please route address prefix a.b.c.d/x through customer interface xxx.”

Resources for this work APNIC’s allocation database Public / Private key technology X.509 v3 certificate technology IP resource extensions to X.509 v3 certificates PKI models and trust relationships

The Overall Objective To support a PKI that mirrors the existing resource allocation state –Every resource allocation can be attested by a matching certificate that binds the allocated resource with the resource issuer and recipient To use these resource certificates to make signed assertions that can be validated through this PKI

Trial Activity Status üSpecification of X.509 Resource Certificates üGeneration of resource certificate repositories aligned with existing resource allocations and assignments üTools for Registration Authority / Certificate Authority interaction (undertaken by RIPE NCC) üTools to perform validation of resource certificatesExtensions to OpenSSL for Resource Certificates (open source development activity, supported by ARIN) Current Activities ­Tools for resource collection management, object signing and signed object validation (APNIC, and also open source development activity, supported by ARIN) ­LIR / ISP Tools for certificate management ­Testing, Testing, Testing ­Operational service profile specification Working notes and related material we’ve been working on in this trial activity:

Focus points for Q Can we design the certificate management subsystem to be an largely automated “slave” of the resource allocation function? Provide a toolset to allow IRs to manage certificate issuance Use the same toolset to provide “hosted” certificate services

Focus points for Q Defining the components and interactions of a “certificate engine”

Focus points for Q Automated certificate issuance Client-side tools that allow certificate management to be ‘out-sourced’ Considerations of splits, mergers and resource transfers

Next Steps Development of the Certificate Engine End Entity Certificates Tools for Relying Parties Evaluation of Progress

Thank You Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.