1 Resource Certification Robert Loomans February 2, 2007.

Slides:

Advertisements

Similar presentations

A Threat Model for BGPSEC

Advertisements

Internet Resource Policy Evaluation Process. facilitates the advancement of the Internet through information and educational outreach allocates Internet.

A Threat Model for BGPSEC Steve Kent BBN Technologies.

RPKI Standards Activity Geoff Huston APNIC February 2010.

Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN SSAC Meeting, March 2008.

An Operational Perspective on BGP Security Geoff Huston February 2005.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 70.

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

RPSLng, CRISP / Whois update Database SIG APNIC19 24 February 2005, Kyoto, Japan.

Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.

CS 145A Case Study: Simplified BGP Finite State Machine Netlab.caltech.edu/course.

Route Leaks Sandra Murphy. Is This a Route Leak? To be able to detect a route leak: Given Update with AS_PATH AS1…ASn Is this a route leak?

RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Routing Registries What are they, how do they work, and why should I care? Larry Blunk, Merit Network, Inc.The Quilt Peering Workshop, Fall 2006.

SIDR WORKING GROUP IETF 80 PRAGUE draft-manderson-sidr-geo-00.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Paul Vixie APNIC 32 – Busan, Korea ARIN Update Focus IPv4 Depletion & IPv6 Uptake Developing, adapting, and improving processes and procedures Working.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Wed 28 Jul 2010SIDR IETF 78 Maastricht, NL1 SIDR Working Group IETF 78 Maastricht, NL Wednesday, 28 Jul 2010.

The Resource Public Key Infrastructure Geoff Huston APNIC.

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

1 ARIN: Mission, Role and Services John Curran ARIN President and CEO.

Prepared by The Regional Internet Registries [APNIC, ARIN, LACNIC and RIPE NCC]

1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.

RPKI Tutorial Andy Newton Chief Engineer, ARIN. Agenda Resource Public Key Infrastructure(RPKI) Route Origin Authorizations (ROAs) Certificate Authorities.

© 1998 R. Gemmell IETF WG Presentation1 Robert Gemmell ROAMOPS Working Group.

Using Resource Certificates Progress Report on the Trial of Resource Certification October 2006 Geoff Huston Chief Scientist APNIC.

A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.

1 IPv4 Depletion and Migration to IPv6 John Curran Chairman American Registry for Internet Numbers (ARIN)

1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.

Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Status Report ARIN VI Public Policy Meeting 2-4 October 2000.

Draft-huston-sidr-rfc6490-bis Geoff Huston Slide 1/6.

Draft Policy ARIN : Remove NRPM section 7.1.

1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.

Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

News from APNIC German Valdez Communications Area Manager RIPE October 2008.

Wed 24 Mar 2010SIDR IETF 77 Anaheim, CA1 SIDR Working Group IETF 77 Anaheim, CA Wednesday, Mar 24, 2010.

1 IPFIX WG 59th IETF Seoul March 3, 2004 Chairs: Nevil Brownlee, Dave Plonka Discussion:

Mon 26 Mar & Wed 28 Mar 2012SIDR IETF 83 Paris, France1 SIDR Working Group IETF 83 Paris, France Monday, 26 Mar 2012 Wednesday, 28 Mar 2012.

RPKI Certificate Policy Status Update Stephen Kent.

CCNA Course-2 AITSO CCNA Course -2 Class-4 ( )

Resource Certificate Provisioning Protocol Geoff Huston IETF 70 December 2007.

RPKI Gray Area: Inheritance? IETF 83, SIDR WG Contributors: Andrew Chi (BBN), Rob Austein (DRL), Tim Bruijnzeels and Miklos Juhasz (RIPE NCC)

Thu 30 July 2009SIDR IETF 75 Stockholm, SE1 SIDR Working Group IETF 75 Stockholm, SE THURSDAY, July 30, 2009.

SPIRITS Chairs: Steve Bellovin

November 2006 Geoff Huston APNIC

RPSEC WG Issues with Routing Protocols security mechanisms

IETF 81 Quebec, QC, Canada Thursday, 28 July, 2011

IPFIX WG 66th IETF San Diego November 9, 2006

CAPWAP Working Group IETF 66 Montreal

ISIS Route Tag sub-TLV draft-ietf-isis-admin-tags-02.txt

Signaled PID When Multiplexing Multiple Payloads over RSVP-TE LSPs draft-ali-mpls-sig-pid-multiplexing-case-00.txt Zafar Ali, Cisco Systems.

APNIC Trial of Certification of IP Addresses and ASes

IP Statistics Q1 Q2 Q3 Q4 Total /24 Equivalents Issued*

Resource Certificate Profile

IETF Liaison Report May 2004 Dorothy Stanley – Agere Systems

A Proposal for IPv4 Essential Infrastructure

TLS Security Profiles Rob Horn WG-14: Security.

OSPF WG Status IETF 98, Chicago

Progress Report on Resource Certification

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006

IEEE MEDIA INDEPENDENT HANDOVER DCN:

News from APNIC ARIN XXII 16 October 2008.

Requirements for running a local WHOIS service

Access Node Control Protocol (ANCP)

Presentation transcript:

1 Resource Certification Robert Loomans February 2, 2007

2 Resource Certification Aim to provide trust injection for secure routing Allow assertion of rights to IP and AS resources and checking those assertions

3 Code Wiki – Modifications to OpenSSL. –Funded by ARIN –Done by Rob Austein from ISC – –Also accepted into OpenSSL CVS and slated for CARA –RA and CA implementation –Developed by the RIPE-NCC

4 Standards IETF SIDR WG drafts –Certificate policy 00.txthttp:// 00.txt Derived from RFC3280 and RFC3779 –Template for Certification Practice Statement for RIRs, NIRs, etc irs-00.txthttp:// irs-00.txt

5 Protocols Registry  ISP ISP  Customer