Will ICANN move to control routing security?

Replying to ICANN's draft 2009 Operating Plan and Budget, the Security and Stability Advisory Committee (SSAC) submitted comments last week vying for its piece of the estimated $60 million ICANN revenue pie. But the interesting story is not the dollar amounts requested by SSAC, rather their request for a specific line item for “Management of certificates for the addressing system (RPKI).”

For those not familiar, Routing Public Key Infrastructure (RPKI) is a protocol under development by the IETF's SIDR Working Group, which was charged with documenting an interdomain routing security architecture. The protocol defines a hierarchic public-key infrastructure that contains certificates (detailed in RFC 3779) that would bind IP address blocks and Autonomous System numbers to organizations, and which would make it possible for a relying party to verify who has the “right to use” these resources. This information could be used to help secure routing activity on the Internet.

But as Arbor Network's CSO and Internet Architecture Board (IAB) member Danny McPherson pointed out, implementing this kind of authorization scheme also raises major governance issues, and “could fundamentally change the role of IANA and the RIRs.” Depending on how it is implemented, it could be used to maintain control of IP numbers resources and impact routing. Like DNSSEC, there are policy questions to be explored around the hierarchical trust model and trust anchor control. These issues are only beginning to be discussed outside of the technical community, and it seems that the SSAC is interested in placing ICANN in the middle of controlling these critical Internet resources.

Comments are closed.