Translation and Dictionary
Resource Public Key Infrastructure : English Wikipedia

Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure.

RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP addresses) to a trust anchor. The certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by the IANA to the Regional Internet Registries (RIRs), who in turn distribute them to Local Internet Registries (LIRs), who then distribute the resources to their customers. RPKI can be used by the legitimate holders of the resources to control the operation of Internet routing protocols to prevent route hijacking and other attacks. In particular, RPKI is used to secure the Border Gateway Protocol (BGP) through BGPSEC, as well as Neighbor Discovery Protocol (ND) for IPv6 through the Secure Neighbor Discovery Protocol (SEND).

Work on standardizing RPKI is currently (late 2011) ongoing at the IETF in the sidr working group, based on a threat analysis which was documented in RFC 4593. The standards cover BGP origin validation, while work on path validation ("Security Requirements for BGP Path Validation", S. Bellovin, R. Bush, D. Ward, October 19, 2011) is underway. Several implementations for the prefix origin validation already exist ("Resource Public Key Infrastructure (RPKI) Router Implementation Report (RFC 7128)", R. Bush, R. Austein, K. Patel, H. Gredler, M. Waehlisch, February 2014).

== Resource Certificates and child objects ==

RPKI uses X.509 PKI Certificates (RFC 5280) with Extensions for IP Addresses and AS Identifiers (RFC 3779). It allows the members of Regional Internet Registries, known as Local Internet Registries (LIRs), to obtain a resource certificate listing the Internet number resources they hold. This offers them validatable proof of holdership, though it should be noted that the certificate does not contain identity information. Using the resource certificate, LIRs can create cryptographic attestations about the route announcements they authorise to be made with the prefixes they hold. These attestations are called Route Origination Authorizations (ROAs) ("A Profile for Route Origin Authorizations (ROAs)", M. Lepinski, S. Kent, D. Kong, May 9, 2011).
Excerpt source: Wikipedia, the free encyclopedia. The full text is available on Wikipedia under "Resource Public Key Infrastructure".
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.