1 / 14

RIPE NCC Certification Task Force Update

RIPE NCC Certification Task Force Update. Presented by Nigel Titley RIPE NCC Services WG May 9, 2007. Content. History Why Resource Certification? Complexity of Project Task Force Set-up Scope of the Certification Task Force Current Status Impacted Areas Next Steps.

zuwena
Download Presentation

RIPE NCC Certification Task Force Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC Services WG May 9, 2007

  2. Content • History • Why Resource Certification? • Complexity of Project • Task Force Set-up • Scope of the Certification Task Force • Current Status • Impacted Areas • Next Steps

  3. Why Resource Certification? • Improve stability of the Internet • Higher quality of allocation data • Assertion validation procedure • Resource allocation: “RIPE NCC has allocated this resource to this party” • Helpful to ensure routing security • Check route injection authority • Automate trust relationship • Strengthen relationship between RIPE NCC and its members

  4. Complexity of Project • The certification project extends through all parts of the RIPE NCC, and so is a difficult and complicated challenge.

  5. Task Force Set-up • Certification TF assembled at RIPE 53 • Six RIPE community members • Good representation of region • Set-up to be part of the trial deployment in the RIPE region during 2007 • Tasked to formulate report for RIPE 55 for community discussion on way forward

  6. Task Force Scope • Identify requirements for a number resource certification service • Follow developments and raise awareness among network operators • Advise on impact • Service infrastructure, operational procedures • Utility of the authentication model • Policy considerations • Business relation between LIRs and RIPE NCC • Provide recommendations for production development

  7. Current Status • The CA-TF defined a picture of the landscape • The certification prototype has been delivered to support the identification of impacted areas • To simplify the project five main areas will be the focus of research and discussion: • Business area (including impact on policies) • Services area • Technical area • RIR wide area • Application area

  8. Business Area • Changes in the registration services related to the Registration Authority function • authentication • business relationship (throughout the whole chain) • Including end-users and PI space • Resource transfers • role of the RIR • Liability issues • Repository • certificate revocation and impact on end-users • certification of ERX space

  9. Business Area – Impact on Policies • How certificates are issued • For ERX/legacy resource holders • A transfer policy • Transfers are going to be possible • Within an RIR region from one party to another and between RIR regions • Policy to ensure: • Avoiding transfer of the same resource to several parties at a time

  10. Services Area • Certificate repository • Interoperability between repositories (RIRs) • Validation service • Hosted certification services • implication of hosted resource management systems • Shared certificate repositories • reliability requirements

  11. Technical Area • Specific areas for attention • Repository architecture • Performance implications

  12. RIR-wide Area • Specific areas for attention • Trust anchor(s) • Inter-RIR resource transfers • Deployment plan

  13. Application Area • Use for routing authorisation • Backward compatibility with RPSL database? • ROAs • Future secure routing protocols • Automating provisioning • Resource transfers

  14. Next steps • Make available documentation and code • Report at RIPE 55

More Related