Routing Security Session

Routing Security Session

When: Wednesday, 27 February 2013
Time: 16:00 - 17:30 (UTC +8)
Where: Island (Tanglin) Ballroom
Chair: Geoff Huston (APNIC)

Video / Transcripts

Videos and transcripts for this session will be added here soon.

Local Trust Anchor Management for the RPKI

Stephen Kent, BBN Technologies

Local Trust Anchor Management (LTAM) is new feature of the Resource Public Key Infrastructure (RPKI) that enables ISPs to override data acquired from the RPKI repository system, to provide a locally-controlled perspective of the RPKI hierarchy. This feature can be used to accommodate local use of RFCC 1918 address space when it is propagated (internally) using BGP. It also can be used, on a national level, to “protect” address space (and ASn numbers) associated with critical infrastructure, relative to internal, national, access.

LTAM is described by an Internet-Draft (draft-ietf-sidr-ltamgmt-07), which is slated to become a standards track RFC from the SIDR WG. LTAM allows any user to “protect” data that the user has acquired via a trusted channel, and which the user does not want to be superseded by normal RPKI processing. LTAM is based on a simple but powerful notion which, unfortunately, is rarely made available to users in any PKI context. This notion is that the user can act as the ONLY trust anchor (TA) that it recognizes. All other putative TAs can be imported and have their self-signed certificates reissued by the user, under himself. In the course of reissuing putative TA certificates, the RP can modify them, e.g., impose constraints on them, in various ways that are beneficial to RP security. LTAM can be used to counter some of the attacks that have resulted from bad behavior by widely trusted TAs in the commercial PKI space. In the RPKI context, these capabilities can be used, judiciously, to limit the impact of errors by TAs, e.g., relative to governmental RPs and national sovereignty.

0 0 Slides 4.5 MB

George Michaelson, APNIC

APNIC is in the process of deploying significant changes to its existing RPKI service which will both align our UI with the RIPE NCC, and expose the provisioning protocol to the INR holders, NIR and direct members.

We also want to discuss why we did our split TAL model, and explore the future work we intend doing in 2013 to continue improving the service.

0 0 Slides 14.3 MB
RPKI Overview, Implementations, Deployment, and Hackathons

Randy Bush, IIJ

An overview of the RPKI and the status at RIRs and a report on workshops.

0 0

Key Info


Shangri-La Hotel, Singapore


19 February - 1 March 2013


Now open

Program includes:

Technical workshops, Tutorials, and Conference streams.