Specific outcomes of the NRO RPKI Program
15/05/2024
By Sofía Silva, RPKI Program Manager, NRO
In our previous blog post (https://blog.apnic.net/2024/03/11/improving-regional-internet-registry-alignment-in-the-rpki-space/ ), we introduced the new NRO RPKI Program and what we are aiming to achieve:
“[…] the NRO RPKI Program aims to provide a more consistent and uniformly secure, resilient, and reliable RPKI service to help remove barriers currently experienced by network operators who create RPKI objects through multiple RIRs.”
We have now broken down that purpose into more specific outcomes that will guide our efforts.
Firstly, we want to gain a better understanding of what a single, global RPKI system would look like. We would like to know more about the expectations from the community in terms of consistency across the Regional Internet Registries (RIRs) in their RPKI implementations.
What degree of diversity is acceptable or even welcome? What aspects of the RPKI system need to be more consistent? Please share your thoughts on this with us!
While we work with the community to clearly define what a single, global RPKI system would look like, we can start working on improving some other aspects of the RPKI system — namely robustness and security.
We plan to put some focus into better measuring the robustness of the RPKI system as a whole by agreeing on what are the aspects of robustness that should be measured, and clearly documenting the current status and any relevant planned development initiatives for each RIR for those aspects, so that in the future we can make this information public in a uniform way.
What aspects of the robustness of the RPKI system would you see value in knowing more about? Please let us know!
We also want to enhance the security consistency of the RPKI system across the different RIRs by establishing a baseline, working with the guidance of security experts on setting the minimum security requirements, and identifying the gaps per RIR, so we can then prioritise those gaps and work towards closing them.
Finally, and where a lot of my focus will be as a Program Manager, we will work to keep the technical community informed and engaged throughout the program and to address RPKI-related concerns in a coordinated way. I will soon be working on validating some assumptions. If you would like to volunteer to participate in interviews or other forms of user research activities, please let me know.
What are your main challenges around deploying RPKI? Have you created Route Origin Authorizations (ROAs)? Have you set up Route Origin Validation in your routers? What are your main concerns about the RPKI system as it stands today? Please get in touch and share your thoughts with us!
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.