13. RPKI at CNNIC
• Standardization work in IETF
• X. Lee, X. Liu, Z. Yan and Y. Fu, RPKI Deployment Considerations: Problem Analysis
and Alternative Solutions, draft-lee-sidr-rpki-deployment-01, Jan, 2016.
• RPKI Deployment Problems:Existing and Potential Problems , such as Technical, Economic
and Political
• Alternative Solutions
• Y. Fu, Z. Yan, X. Liu and C. Wang, Scenarios of unexpected resource assignment in
RPKI, draft-fu-sidr-unexpected-scenarios-01, March 2016.
• Problem: Unbelonged resource allocation, Duplicated allocation, Resource transfer
• Solution: Safeguard of CA function
• Z.Yan, Y.Fu, X.Liu, G.Geng, Problem Statement and Considerations for ROA
Mergence, draft-yan-sidr-roa-mergence-00, May 2016
• analyzes and presents some operational
• Problems caused by the misconfigurations of ROAs containing multiple IP prefixes.
• Suggestions and considerations
17. RPKI at CNNIC
• Published several academic papers
• Cuicui Wang, Zhiwei Yan and Anlei Hu. An Efficient Data Management Architecture
for the Large-scale Deployment of Resource Public Key Infrastructure
• Xiaowei Liu, Zhiwei Yan, Guanggang Geng, Xiaodong Lee, Shian-ShyongTseng and
Ching-Heng Ku. RPKI Deployment: Risks and Alternative Solutions
• Xiaowei Liu, Zhiwei Yan, Guanggang Geng and XiaodongLee.
Research of ResourceAllocation Risks by CAs in RPKI and Feasible Solutions
• Zhiwei Yan, Xiaowei Liu, Guanggang Geng and SheraliZeadally. Secure and Scalable
Deployment of Resource Public Key Infrastructure (RPKI)
19. What is the future of RPKI?
• Will RPKI be deployed widely?
• Let’s have a glimpse of DNSSEC
• 2010-12~
2013-03
Experimental
• 2013-04
Announced
• 2013-08
Partial
• 2013-11
DS in Root
• Keep
going…
Operational
Experimental:
ü Risk analysis
ü Software development
Announced:
ü Hardware & software deployment
ü Training and drills
Partial:
ü Signing & roller
ü Observations & verification
DS in Root:
ü Generation & submission
ü Observations & verification
Operational:
ü Upgrades and improvements
ü Debugging
Over
800 days
120 days