Internet Number Resource Certification


Presentation given by Alex Band at the April 2011 RIPE NCC Roundtable Meeting in Amsterdam


  1. Internet Number Resource Certification
     RIPE NCC Roundtable Meeting – 4 April 2011
     Alex Band, Product Manager
  2. RIPE NCC
     • The authority on who is the registered holder of an Internet Number Resource in our region
       - IPv4 and IPv6 Address Blocks
       - Autonomous System Numbers
     • Information is kept in the Registry
     • Accuracy and completeness are key
  3. Resource Certificates – The Goal
     • Issue digital certificates along with the allocation of Internet Resources
     • Two main purposes:
       - Make the Registry more robust
       - Make Internet routing more secure
     • Industry self-regulation!
       - Technical community, RIRs, software and hardware vendors collaborating
  4. Resource Certificates – Details
     • State that an Internet number resource has been registered by a Regional Internet Registry
     • Based on IETF standards
       - An open community of network designers, operators, vendors and researchers
     • Issued to RIPE NCC members since 1 Jan 2011
     • Free, opt-in member service
     • Do not list any identity information
       - All further information can be found in the registry
  5. What Certification Offers
     • Validated proof of holdership
     • Secure Internet Routing
       - Route Origin Authorisation
     • Resource transfers
     • Validation is the added value
     • Make the Internet itself more secure!
     Discuss Resource Certification At RIPE 61:
  6. The System
     • certificate authority
  7. Proof of Holdership
  8. Certificate Validity – Due Diligence
     • Certificate is linked to the registration status
     • Renewed every 12 months following LIR verification
  9. Internet Routing
     • Routing is non-hierarchical, open and free
     • Freedom comes at a price:
       - You can announce any address block on your router
       - Accidental errors happen frequently, impact is high
       - Entire networks become unavailable
       - Malicious attacks are relatively easy
       - Mitigation requires intervention from operators
     • IPv4 address depletion may intensify issue
  10. Route Origin Authorisation (ROA)
  11. Publication
     • Each RIR has a public repository
       - Holds certificates and ROAs
     • Accessed using a Validation tool
       - Software only for now
       - Hardware support by end of 2011
       - Cisco, Juniper, etc.
  12. Where Are We Now? After 3 Months
     • Almost 10% of our membership is using it
     • Around 10 new LIRs join every single day
  13. What This Means For You
     • The legitimate holder of an Internet resource can now present a verifiable digital certificate
     • Other Internet users can base decisions on this
     It will be harder to use resources on the Internet that you are not the holder of
  14. For information and announcements:
  15. Questions?