Ask a question
Search in Internet Forums

Internet Forum

Reply
Posted Apr 30, 2014
3:47:19 PM
Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

After the hack of Target, Neiman Marcus and the Heartbleed bug in OpenSSL/OpenSSh I want to know if Uverse or ATT is using the Resource Public Key Infrastructure (RPKI), also known as Resource Certification, which I read is more secure. Does anyone know much about this?

 

According to the Wiki entry: "

Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public
key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure.
RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers
and IP Addresses) to a trust anchor. The certificate structure mirrors the way in which Internet number
resources are distributed. That is, resources are initially distributed by the IANA to the Regional Internet
Registries (RIRs), who in turn distribute them to Local Internet Registries (LIRs), who then distribute the
resources to their customers. RPKI can be used by the legitimate holders of the resources to control the
operation of Internet routing protocols to prevent route hijacking and other attacks. In particular, RPKI is used
to secure the Border Gateway Protocol (BGP) through BGPSEC, as well as Neighbor Discovery Protocol
(ND) for IPv6 through the Secure Neighbor Discovery Protocol (SEND).
Work on standardizing RPKI is currently (late 2011) ongoing at the IETF in the sidr working group
(https://datatracker.ietf.org/wg/sidr/charter/), based on a threat analysis which was documented in RFC 4593.
The standards cover BGP origin validation, while work on path validation[1] is underway.

"

After the hack of Target, Neiman Marcus and the Heartbleed bug in OpenSSL/OpenSSh I want to know if Uverse or ATT is using the Resource Public Key Infrastructure (RPKI), also known as Resource Certification, which I read is more secure. Does anyone know much about this?

 

According to the Wiki entry: "

Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public
key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure.
RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers
and IP Addresses) to a trust anchor. The certificate structure mirrors the way in which Internet number
resources are distributed. That is, resources are initially distributed by the IANA to the Regional Internet
Registries (RIRs), who in turn distribute them to Local Internet Registries (LIRs), who then distribute the
resources to their customers. RPKI can be used by the legitimate holders of the resources to control the
operation of Internet routing protocols to prevent route hijacking and other attacks. In particular, RPKI is used
to secure the Border Gateway Protocol (BGP) through BGPSEC, as well as Neighbor Discovery Protocol
(ND) for IPv6 through the Secure Neighbor Discovery Protocol (SEND).
Work on standardizing RPKI is currently (late 2011) ongoing at the IETF in the sidr working group
(https://datatracker.ietf.org/wg/sidr/charter/), based on a threat analysis which was documented in RFC 4593.
The standards cover BGP origin validation, while work on path validation[1] is underway.

"

Accepted Solution

Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

1,292 views
6 replies
(0) Me too
(0) Me too
Reply
View all replies
(6)
0
(0)
  • Rate this reply
View profile
Apr 30, 2014 3:51:34 PM
0
(0)
ACE - Expert

Just one question:


How much of this do you understand?

 

Just one question:


How much of this do you understand?

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

2 of 7 (1,291 Views)
0
(0)
  • Rate this reply
View profile
Apr 30, 2014 4:06:58 PM
0
(0)
Tutor

I'm not an Internet backbone guy. Just a concerned netizen. If this is an inappropriate question I can post it elsewhere.

I'm not an Internet backbone guy. Just a concerned netizen. If this is an inappropriate question I can post it elsewhere.

Re: Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

3 of 7 (1,287 Views)
0
(0)
  • Rate this reply
View profile
Solved
Apr 30, 2014 5:35:07 PM
0
(0)
Expert
RPKI is used in some carrier-grade routers. It is not used for smaller portions of a network, nor is it used with individual customer-end equipment like modems/gateways. It's purpose is not to secure devices, but rather secure the Internet's global routing tables from malicious attacks like route injection.

RPKI is used in some carrier-grade routers. It is not used for smaller portions of a network, nor is it used with individual customer-end equipment like modems/gateways. It's purpose is not to secure devices, but rather secure the Internet's global routing tables from malicious attacks like route injection.

Re: Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

4 of 7 (1,271 Views)
Solution
Highlighted
0
(0)
  • Rate this reply
View profile
May 1, 2014 2:06:57 PM
0
(0)
Tutor

So is AT&T using it as part of their business as an ISP?

So is AT&T using it as part of their business as an ISP?

Re: Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

5 of 7 (1,236 Views)
0
(0)
  • Rate this reply
View profile
May 1, 2014 2:46:58 PM
0
(0)
Expert
I have no idea. AT&T likely would not share that information with anyone, whether they are or are not using it.
I have no idea. AT&T likely would not share that information with anyone, whether they are or are not using it.

Re: Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

6 of 7 (1,233 Views)
0
(0)
  • Rate this reply
View profile
May 1, 2014 6:25:16 PM
0
(0)
ACE - Expert

My point in my reply earlier is that you're associating two completely distinct technologies that have nothing whatsoever to do with each other.

 

My point in my reply earlier is that you're associating two completely distinct technologies that have nothing whatsoever to do with each other.

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Is Uverse using Resource Public Key Infrastructure (RPKI), also known as Resource Certification

7 of 7 (1,221 Views)
Share this post
Share this post