Presentation is loading. Please wait.

Presentation is loading. Please wait.

PP – 2016-02 Resource Authentication Key ( RAK ) code for third party authentication Presenter : Erik Bais – ebais @a2b-internet.com.

Published byWidyawati Chandra Modified over 5 years ago

Similar presentations

Presentation on theme: "PP – 2016-02 Resource Authentication Key ( RAK ) code for third party authentication Presenter : Erik Bais – ebais @a2b-internet.com."— Presentation transcript:

1 PP – 2016-02 Resource Authentication Key ( RAK ) code for third party authentication
Presenter : Erik Bais –

2 Policy proposal info Author – Erik Bais
Current status : Discussion Phase: Open for Discussion Version online – v1

3 Policy proposal In short : Ask the RIPE NCC to implement functionality that allows all number resources, in exacts and more specifics, to be authenticated via an date expiring API-key. Currently third-party databases used for IRR based filtering (Level3 db, RADB, NTTCOM DB etc) don’t enforce RIR authentication.

4 The general idea … The idea of starting this proposal …
If we can close this down for the major Third-Party DB’s ( NTTCom DB, RADB, Level3 DB), it is less likely that RIPE resources are going to be abused for BGP hijacking / spam runs actions. BGP Hijacked resources will sooner hit a prefix filter wall if no route objects exist. (reduce impact )

5 Is this an issue ?

6 Prefix Hijack of Dutch Foreign Ministry

7 What will it fix ? It will reduce the number of improper prefixes within a Third-Party DB… It will reduce the stale/old/historically incorrect objects (via the expiration of the API-Key by date X per key) RAK key expired, remove objects (same as with domain registrations. ) The resources for the RIPE region … other regions might follow.. I care about RIPE.

8 So where are we exactly ??

9 Next steps We need constructive feedback to the issue.
Waiting for RPKI, isn’t the fix for this.. Discus with RADB / NTT / others what the options are. What is the best way forward.

10

Download ppt "PP – 2016-02 Resource Authentication Key ( RAK ) code for third party authentication Presenter : Erik Bais – ebais @a2b-internet.com."

Similar presentations

A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
Erik Bais, May 15 th 2013 PP - 2013-04 Resource Certification for non-RIPE NCC Members Presenter : Erik Bais –

Erik Bais, May 15 th 2013 PP Resource Certification for non-RIPE NCC Members Presenter : Erik Bais –
Database SIG Summary Report Chair – Xing Li APNIC Annual Member Meeting Bangkok, March 7 2002.

Database SIG Summary Report Chair – Xing Li APNIC Annual Member Meeting Bangkok, March
ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update.

ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update.
RIPE Network Coordination Centre 2009-11, Dakar, Senegal 1 Emile Aben Internet Measurement and Analysis at the RIPE NCC Emile.

RIPE Network Coordination Centre , Dakar, Senegal 1 Emile Aben Internet Measurement and Analysis at the RIPE NCC Emile.
Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.

Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.
Erik Bais, May 14 th 2014 PP - 2014-02 Allow IPv4 PI transfer Presenter : Erik Bais –

Erik Bais, May 14 th 2014 PP Allow IPv4 PI transfer Presenter : Erik Bais –
Draft Policy 2012-1 Clarifying Requirements for IPv4 Transfers.

Draft Policy Clarifying Requirements for IPv4 Transfers.
Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.
RIS Resource Allocations A special report on an endangered species …

RIS Resource Allocations A special report on an endangered species …
Router Configuration Management Tools

Router Configuration Management Tools
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
DNS Registries. Overview What is a DNS registry? –DNS registries –Data In –Data Out –Transactions Registry Structure –Registry –Registrars –Registrants.

DNS Registries. Overview What is a DNS registry? –DNS registries –Data In –Data Out –Transactions Registry Structure –Registry –Registrars –Registrants.
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.
Database Update Paul Palse Database Manager, RIPE NCC.

Database Update Paul Palse Database Manager, RIPE NCC.
Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.
Mirjam Kühne 1 RIPE 33, May 1999 Introduction to the RIPE NCC presented by Mirjam Kühne.

Mirjam Kühne 1 RIPE 33, May 1999 Introduction to the RIPE NCC presented by Mirjam Kühne.
Address Policy SIG, APNIC Policy meeting, February 27th, 2003 (1) IPv6 Policy in action Feedback from other RIR communities David Kessens Chairperson RIPE.

Address Policy SIG, APNIC Policy meeting, February 27th, 2003 (1) IPv6 Policy in action Feedback from other RIR communities David Kessens Chairperson RIPE.
BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.

BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.

Similar presentations

Ads by Google