[arin-announce] Regional Internet Registries are preparing to deploy “All Resources” RPKI Service

[ARIN]

Sent on behalf of the Number Resource Organization (NRO)

By 30 September 2017, each RIR will have moved from an RPKI Trust Anchor 
that reflects their current holdings to one that reflects all holdings 
(0/0), as further detailed in the “All Resources Applicability 
Statement” dated 21 January 2017:

https://www.ietf.org/archive/id/draft-rir-rpki-allres-ta-app-statement-01.txt

“This document provides an applicability statement for the use of 
multiple, over-claiming ‘all resources’ (0/0) RPKI certificate 
authorities (CA) certificates used as trust anchors (TAs) operated by 
the Regional Internet Registry community to help mitigate the risk of 
massive downstream invalidation in the case of transient registry 
inconsistencies.”

To mitigate the risk and alleviate this threat, the RIR’s have agreed to 
move from a Trust Anchor that reflects their current holdings only, to 
one that reflects all holdings. This improvement will provide a more 
robust way of allowing resources that are covered under RPKI to be 
transferred from one RIR to another. Prior to this change, each RIR will 
be working with their RPKI user community to prepare for the transition.

The NRO encourages members of the Internet community to certify their 
resources through RPKI. Internet routing today is vulnerable to 
hijacking and the provisioning/use of certificates is one of first steps 
required to make routing more secure.  Widespread RPKI adoption will 
help simplify IP address holder verification and routing decision-making 
around the world.