• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Internet Number Resource Certification

Internet Number Resource Certification



presentation given by Alex Band at the April 2011 RIPE NCC Roundtable Meeting in AMsterdam

presentation given by Alex Band at the April 2011 RIPE NCC Roundtable Meeting in AMsterdam



Total Views
Views on SlideShare
Embed Views



1 Embed 34

http://www.ripe.net 34



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Internet Number Resource Certification Internet Number Resource Certification Presentation Transcript

    • Internet NumberResource CertificationRIPE NCC Roundtable Meeting – 4 April 2011Alex Band, Product Manager
    • RIPE NCC• The authority on who is the registered holder of an Internet Number Resource in our region - IPv4 and IPv6 Address Blocks - Autonomous System Numbers• Information is kept in the Registry• Accuracy and completeness are key 2
    • Resource Certificates – The Goal• Issue digital certificates along with the allocation of Internet Resources• Two main purposes: - Make the Registry more robust - Make Internet routing more secure• Industry self-regulation! - Technical community, RIRs, software and hardware vendors collaborating 3
    • Resource Certificates – Details• State that an Internet number resource has been registered by a Regional Internet Registry• Based on IETF standards - An open community of network designers, operators, vendors and researchers• Issued to RIPE NCC members since 1 Jan 2011• Free, opt-in member service• Do not list any identity information - All further information can be found in the registry 4
    • What Certification Offers Certification• Validated proof of holdership• Secure Internet Routing - Route Origin Authorisation• Resource transfers• Validation is the added value• Make the Internet itself more secure! Discuss Resource Certification At RIPE 61: 5
    • The System certificate authority 6
    • Proof of Holdership • • • 7
    • Certificate Validity – Due Diligence• Certificate is linked to the registration status• Renewed every 12 months following LIR verification 8
    • Internet Routing• Routing is non-hierarchical, open and free• Freedom comes at a price: - You can announce any address block on your router - Accidental errors happen frequently, impact is high Entire networks become unavailable - - Malicious attacks are relatively easy - Mitigation requires intervention from operators• IPv4 address depletion may intensify issue 9
    • Route Origin Authorisation (ROA) • fi • • 10
    • Publication• Each RIR has a public repository - Holds certificates and ROAs• Accessed using a Validation tool - Software only for now - Hardware support by end of 2011 - Cisco, Juniper, etc. 11
    • Where Are We Now? After 3 Months Almost 10% of our membership is using it Around 10 new LIRs join every single day 12
    • What This Means For You• The legitimate holder of an Internet resource can now present a verifiable digital certificate• Other Internet users can base decisions on this It will be harder to use resources on the Internet that you are not the holder of 13
    • For information and announcements: http://ripe.net/certification 14
    • Questions?