Earlier this year we launched the NRO RPKI Program, and shared information about the program’s purpose and envisaged outcomes. One of our main goals is to raise awareness among the technical community that we are committed to providing a more consistent, uniformly secure, resilient, and reliable RPKI service.
An important outcome of this year’s work is the documentation of a problem statement for the current Trust Anchor configuration, and exploration of potential solutions. We plan to share a proposal for discussion with the technical community soon.
We also documented the RPKI services and features offered by each Regional Internet Registry (RIR), along with different aspects of the robustness of the RPKI system, which brings together a breadth of knowledge about the current state of these elements for each implementation. Consistent documentation in a single place allows us to see the variability across these implementations.
Additionally, we wanted to learn more about the experience of managing resources across multiple regions to understand whether differences in RIR RPKI implementations are hindering Route Origin Authorization (ROA) creation. We conducted user research activities and invited network operators responsible for IP space allocated by different RIRs to share any barriers they may have experienced when creating ROAs.
We are grateful to the 80 network operators who completed the survey, and a special thank you to the 11 people who volunteered to participate in interviews for a deeper dive into their responses.
The key learnings show we should focus on increasing the consistency of the RPKI user experience across regions, which will be one of our priorities for 2025. Additionally, we agreed on two other priorities:
- work on a solution to the current Trust Anchor configuration to address the concerns of the technical community
- offer more transparency on the robustness and security aspects of the RPKI system
We’ll continue working on providing a more consistent, uniformly secure, resilient, and reliable RPKI service for the global Internet community, and continuing to receive valuable input from users.
Sofia Silva Berenguer is the RPKI Program Manager for the NRO.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.