Many of you have heard about Resource Certification or Resource Public Key Infrastructure (RPKI). We have delivered many talks and conducted tutorials on this topic. Indeed, we have APNIC staff who are also authors of the relevant IETF standards on RPKI.
However, it is one of those things in network security where the ultimate benefit will only be obtained when everyone else is doing it, just like BCP38 (aka SAVE). Unfortunately, adoption has been quite slow, particularly in the Asia Pacific region.
This year, we want to get more APNIC Members to be part of the RPKI story so we are rolling out a Route Origin Authorization (ROA) creation campaign. We want to encourage APNIC Members to create their ROA objects via the MyAPNIC portal.
APNIC has a lot of content describing RPKI and, importantly, how it works. With a ROA, the resource holder is attesting that the origin AS number is authorized to announce the prefix(es). The attestation can be verified cryptographically using RPKI.
To get this campaign moving, we are planning to have ROA sessions at the various NOG events and Members events. Free t-shirts (limited edition!) and stickers are thrown into the mix too. Our first session is on 17 January at SANOG 25.
We are also looking for ambassadors or local champions to help us promote the cause. If you are interested to, don’t hesitate to ping us.
Furthermore, we’ve have developed a page for the Ready to ROA campaign, so keep an eye on it for the latest news and updates.
If you are Member of APNIC and a resource holder, have you created your ROA? If not, then what are you waiting for? Feel free to contact us if you need any assistance!
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
You are doing good job.
How long does it take to affect our public IP address register in ROA?