Presentation is loading. Please wait.

Presentation is loading. Please wait.

Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC."— Presentation transcript:

1 Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC

2 Objective To create a robust framework that allows validation of assertions relating to IP addresses and ASNs and their use and To make it easier for anyone to see if someone is lying about actual control over addresses and/or routing!

3 Uses Signing of IRR entries “Yes, I am the right-of-use holder and that’s precisely the information I entered into the IRR.” Signing of Routing Origination “Yes, I am the right-of-use holder for this address prefix and I am permitting ASx to originate a route to this address prefix.” Signing of Route Requests “Please route address prefix a.b.c.d/x through customer interface xxx.”

4 Resources for this work APNIC’s allocation database Public / Private key technology X.509 v3 certificate technology IP resource extensions to X.509 v3 certificates PKI models and trust relationships

5 The Overall Objective To support a PKI that mirrors the existing resource allocation state –Every resource allocation can be attested by a matching certificate that binds the allocated resource with the resource issuer and recipient To use these resource certificates to make signed assertions that can be validated through this PKI

6 Trial Activity Status üSpecification of X.509 Resource Certificates üGeneration of resource certificate repositories aligned with existing resource allocations and assignments üTools for Registration Authority / Certificate Authority interaction (undertaken by RIPE NCC) üTools to perform validation of resource certificatesExtensions to OpenSSL for Resource Certificates (open source development activity, supported by ARIN) Current Activities ­Tools for resource collection management, object signing and signed object validation (APNIC, and also open source development activity, supported by ARIN) ­LIR / ISP Tools for certificate management ­Testing, Testing, Testing ­Operational service profile specification Working notes and related material we’ve been working on in this trial activity: http://mirin.apnic.net/resourcecerts

7 Focus points for Q1 2007 Can we design the certificate management subsystem to be an largely automated “slave” of the resource allocation function? Provide a toolset to allow IRs to manage certificate issuance Use the same toolset to provide “hosted” certificate services

8 Focus points for Q1 2007 Defining the components and interactions of a “certificate engine”

9 Focus points for Q1 2007 Automated certificate issuance Client-side tools that allow certificate management to be ‘out-sourced’ Considerations of splits, mergers and resource transfers

10 Next Steps Development of the Certificate Engine End Entity Certificates Tools for Relying Parties Evaluation of Progress

11 Thank You Questions? http://mirin.apnic.net/resourcecerts

Download ppt "Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC."

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN SSAC Meeting, March 2008.

Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN SSAC Meeting, March 2008.
The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.
1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.

1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.
Introduction to ARIN and the Internet Registry System.

Introduction to ARIN and the Internet Registry System.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.

Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.

Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.
December 2013 Internet Number Resource Report. December 2013 Internet Number Resource Report INTERNET NUMBER RESOURCE STATUS REPORT As of 31 December.

December 2013 Internet Number Resource Report. December 2013 Internet Number Resource Report INTERNET NUMBER RESOURCE STATUS REPORT As of 31 December.
March 2014 Internet Number Resource Report. March 2014 Internet Number Resource Report INTERNET NUMBER RESOURCE STATUS REPORT As of 31 March 2014 Prepared.

March 2014 Internet Number Resource Report. March 2014 Internet Number Resource Report INTERNET NUMBER RESOURCE STATUS REPORT As of 31 March 2014 Prepared.
RPKI and Routing Security ICANN 44 June 2012. Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.

RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
ROAs and Detecting “Bad” Originations Geoff Huston SIDR WG IETF 74.

ROAs and Detecting “Bad” Originations Geoff Huston SIDR WG IETF 74.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.

Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.

Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.

Similar presentations

Ads by Google