The Routing Security SIG at APRICOT 2023 / APNIC 55 heard from four participants on the issues of routing information management outside of the Border Gateway Protocol (BGP).
Aftab Siddiqi presented on prop-151, which proposed to minimize the use of the ‘as-set’, a Routing Policy Specification Language (RPSL) object for collecting customer Autonomous System Numbers (ASNs). The as-set object comes with significant security issues.
There was a spirited, if light-hearted, discussion during the session that this was ‘tinkering on the edges’ of a bigger problem with Internet Routing Registries (IRRs), but in the end it’s a disagreement about ‘how’ to manage insecure information sources, more than about whether they are good or bad.
prop-151 reached consensus at the APNIC 55 Open Policy Meeting and later at the APNIC General Meeting (AGM). The proposal is now being returned to the Policy SIG mailing list for the final comment period.
Then, Yanbiao Li from CNIC presented on a novel ‘super-encoding’ of the maximum length field of the Resource Public Key Infrastructure Route Origin Authorization (RPKI ROA) object.
Fang Gao presented on source address validation, with a detailed discussion of the current state of play inside the ISP and with IETF standards.
Finally, Tom Harrison, APNIC’s Product and Delivery Manager — Registry Product, presented the RPKI Signed Checklist (RSC) object, a novel RPKI structure for a signature over an arbitrary set of files. A lively discussion at the microphone ensued about the utility of this service, which, among other things, lets a resource holder use RPKI to sign as-yet undefined information structures and explore their use before standardization.
Watch the recording for the commentary from the floor — it was an informative session.