On the Operational Granularity of RPKI ROA Management: Problem Statement and Requirements
draft-li-sidrops-roa-granularity-problem-statement-00
Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | Yanbiao Li , Jiankang Yao , Di Ma | ||
Last updated | 2024-04-25 (Latest revision 2023-10-23) | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
When using the Resource Public Key Infrastructure (RPKI) to perform route origin validation (ROV) with route origin authorizations (ROAs), there have been security and usability issues identified and reported. This memo revisits these issues from the perspective of the operational granularity of ROA management, demonstrates problems and their root cause with the existing ROA encoding scheme, summarizes design requirements to address them, and evaluates three potential solutions. Though neither of existing solutions satisfies all requirements, a hybrid solution composed of two existing schemes is recommended to use in ROA management.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)