Authored by:
Sofia Silva Berenguer, RPKI Program Manager, NRO
In our previous blog post, we introduced the new NRO RPKI Program and what we are aiming to achieve:
“[…] the NRO RPKI Program aims to provide a more consistent and uniformly secure, resilient, and reliable RPKI service to help remove barriers currently experienced by network operators who create RPKI objects through multiple RIRs.”
We have now broken down that purpose into more specific outcomes to guide our efforts.
Firstly, we want to gain a better understanding of what a single, global RPKI system would look like. We would like to know more about the expectations from the community in terms of consistency across the Regional Internet Registries (RIRs) in their RPKI implementations.
What degree of diversity is acceptable or even welcome? What aspects of the RPKI system need to be more consistent? This email address is being protected from spambots. You need JavaScript enabled to view it.
While we work with the community to clearly define what a single, global RPKI system would look like, we will start working on improving some other aspects of the RPKI system — namely robustness and security.
We plan to focus on better measuring the robustness of the RPKI system as a whole by agreeing on the aspects of robustness that should be measured, and clearly documenting the current status and any relevant planned development initiatives for each RIR regarding those aspects, so that in the future we can make this information public in a uniform way.
What aspects of the robustness of the RPKI system would you see value in knowing more about? This email address is being protected from spambots. You need JavaScript enabled to view it.!
We also want to enhance the security consistency of the RPKI system across the different RIRs by establishing a baseline, working with the guidance of security experts on setting the minimum security requirements, and identifying the gaps per RIR, so we can then prioritize those gaps and work towards closing them.
Finally, and where a lot of my focus will be as a Program Manager, we will work to keep the technical community informed and engaged throughout the program and to address RPKI-related concerns in a coordinated way. I will soon be working on validating some assumptions. This email address is being protected from spambots. You need JavaScript enabled to view it. if you would like to volunteer to participate in interviews or other forms of user research activities.
What are your main challenges around deploying RPKI? Have you created Route Origin Authorizations (ROAs)? Have you set up Route Origin Validation (ROV) in your routers? What are your main concerns about the RPKI system as it stands today? Please get in touch and share your thoughts with us!