LACNIC Supports Project to Promote RPKI in Brazil
05/02/2019
LACNIC’s Technology Department is working on a new project for promoting Resource Public Key Infrastructure (RPKI) to support NIC.br and IX.br in their implementation of resource certification in Brazil, announced Carlos Martínez, LACNIC CTO.
This project will allow including all RPKI certificates issued in Brazil in the Anchor Trust operated by LACNIC.
LACNIC operates the trust anchor for the resource public key infrastructure (RPKI) for Latin American and the Caribbean. This root certificate allows validating a certificate’s signature chain within the RPKI, making it possible to verify trust in the entire chain.
In order for NIC.br to offer RPKI certificates to its members, it must rely on the trust anchor managed by LACNIC for Latin America and the Caribbean. “The validation mechanism is like climbing a tree. The root is the trust anchor, a specific certificate which we all agree to trust. In the case of Resource PKIs, there is one trust anchor per RIR. In Latin America, the trust anchor is operated by LACNIC. Signing an RPKI certificate is only possible if it is validated by LACNIC,” said Martínez.
This RPKI project for Brazil was announced during the latest meeting of GTER (Working Group on Network Engineering and Operation) and GTS (Working Group on Network Security), held in December.
During this meeting, Martínez and Frederico Neves, NIC.br Services and Technology Director, reported that the launch of the resource public key certificate system for securing Internet routing in Brazil is scheduled for this year.
“I like a phrase that defines the BGP (Border Gateway Protocol) as a protocol that routes based on rumors. This means that it works completely based on trust,” said Martinez during the meeting.
LACNIC’s CTO described how BGP announcement origin validation works, possible validity status, as well as successful regional experiences in the use of the RPKI (NAP.ec in Ecuador, CRIX in Costa Rica, RENATA in Colombia, and PIT Chile).
Likewise, Neves noted that the development of the RPKI software for the number resource management system used for the members of NIC.br is scheduled to be completed by December 2019.