References in periodicals archive ?
* RPKI affects the policies and business models of the RIRs
Their routing operations are the place where RPKI must be implemented if routing is to be secured using this technology.
At its best, RPKI would not only help to prevent bogus route announcements and address hijacking, it would also facilitate the smooth transfer of ipv4 address resources from one party to another after the free pool is depleted.
There are however externalities in the adoption and implementation of RPKI. As other literature has recognized, network externalities--or what has more accurately been termed demand-side economies of scope (ECONOMIDES & WHITE 1994; MUELLER, 1997)--can act as both facilitators and obstacles to security technology adoption (LELARGE, 2009).
But a universal RPKI regime that is tightly bound to the authoritative IP address allocation hierarchy does raise some serious risks for ISPs.
[I]f filter lists are built or routers check origin authenticity in real-time by traversing the RPKI tree(s), there would seem to be significantly more control vested in each parent node in the path up to the root of the RPKI hierarchy.
Confirming Conrad's point, a university network operator objected to the way RPKI altered "the balance of power" between network operators and the RIRs:
With RPKI the allocator can revoke the organization's certificate while the civil process takes its time, causing harm to the organization that is now unroutable.
Predictably, revocation of certificates has emerged as a critical point of contention in the ISP community's debates over RPKI. For example, when RIPE-NCC proposed implementing resource certification, its members refused to support it due to concerns about the length of certificate validity and the linking of certificate revocation to RIPE membership status.
The RPKI standard codified its reliance on the IANARIR allocation hierarchy; at the same time, its design was described as "capable of accommodating a variety of trust anchor arrangements." (HUSTON, WEILER, MICHAELSON & KENT, 2010) A statement by the SIDR WG's co-chair summed up the policy in a colorful way--and also revealed how ambiguous the underlying attitudes and specifications were:
As long as it is unclear how RPKI achieves compatibility among multiple roots, it is disingenuous to pretend that RPKI allows ISPs a free choice of trust anchors--just as it is disingenuous to pretend that anyone who wants to create an alternate DNS root can easily do so.
(15) It has also funded much of the research work on RPKI. The U.S.
Acronyms browser ?
Full browser ?