In our previous blog post, we introduced the new NRO RPKI Program and what we are aiming to achieve:
“[…] the NRO RPKI Program aims to provide a more consistent and uniformly secure, resilient, and reliable RPKI service to help remove barriers currently experienced by network operators who create RPKI objects through multiple RIRs.”
Improving Regional Internet Registry alignment in the RPKI space
We have now broken down that purpose into more specific outcomes to guide our efforts.
Firstly, we want to gain a better understanding of what a single, global RPKI system would look like. We would like to know more about the expectations from the community in terms of consistency across the Regional Internet Registries (RIRs) in their RPKI implementations.
What degree of diversity is acceptable or even welcome? What aspects of the RPKI system need to be more consistent? Please share your thoughts on this with us!
While we work with the community to clearly define what a single, global RPKI system would look like, we will start working on improving some other aspects of the RPKI system — namely robustness and security.
We plan to focus on better measuring the robustness of the RPKI system as a whole by agreeing on the aspects of robustness that should be measured, and clearly documenting the current status and any relevant planned development initiatives for each RIR regarding those aspects, so that in the future we can make this information public in a uniform way.
What aspects of the robustness of the RPKI system would you see value in knowing more about? Please let us know!
We also want to enhance the security consistency of the RPKI system across the different RIRs by establishing a baseline, working with the guidance of security experts on setting the minimum security requirements, and identifying the gaps per RIR, so we can then prioritize those gaps and work towards closing them.
Finally, and where a lot of my focus will be as a Program Manager, we will work to keep the technical community informed and engaged throughout the program and to address RPKI-related concerns in a coordinated way. I will soon be working on validating some assumptions. Please let me know if you would like to volunteer to participate in interviews or other forms of user research activities.
What are your main challenges around deploying RPKI? Have you created Route Origin Authorizations (ROAs)? Have you set up Route Origin Validation (ROV) in your routers? What are your main concerns about the RPKI system as it stands today? Please get in touch and share your thoughts with us!
Sofia Silva Berenguer is the RPKI Program Manager for the NRO.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.