RPKI Trust Anchor Constraints: Enhancing Internet Resource Security


The Resource Public Key Infrastructure (RPKI) lets holders of internet number resources (INRs), that is IP prefixes and AS numbers, make verifiable statements about how those resources may be used. Relying Party (RP) software validates those statements starting from a small set of Trust Anchors (TAs); in practice that is five TAs, one per Regional Internet Registry (RIR). The weak point is that nothing in the RPKI itself constrains which resources a TA may certify, so a TA could sign for INRs it does not administer and an RP would have no in-band way to tell which TA is actually authoritative for a given prefix or AS number. The technical community has therefore asked for a governance mechanism that makes each TA's authority explicit and checkable.

Addressing Trust Anchor Conflicts with New Protocols


In response, the Number Resource Organization (NRO) RPKI Program has driven a draft specification, 'RPKI Trust Anchor Constraints', that defines which TA is authoritative for which INRs. The draft is under discussion in the IETF's SIDR Operations Working Group (sidrops) and is on the agenda for the working group's session on 3 November 2025 in Montreal.

The mechanism is an agreement among the TAs, expressed as signed objects. A first object records the initial distribution of resources across the TAs. When resources move from one TA to another, only the source and recipient TAs sign the transfer record, so a transfer does not require action from every TA, and the record states which TA is authoritative for the moved resources from that point on. Because the objects are signed, an RP can use them as a constraint on what it validates: a certificate under a given TA that claims resources outside that TA's recorded holdings can be detected rather than silently accepted.

Periodic Validation for Error Prevention


The proposal also includes a periodic review. At intervals the TAs issue a fresh 'distribution of resources' object that supersedes the previous one, folding in every transfer since the last issue and correcting any discrepancy introduced by a mistaken transfer or by IANA-level changes. A single erroneous transfer record therefore has a bounded lifetime: once the next consolidated object is issued, RPs no longer depend on it, and an isolated mistake by one party cannot affect RPKI clients indefinitely.
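The two preceding paragraphs describe three pieces that an RP would combine: a signed initial distribution, transfer records signed only by source and recipient, and a periodic consolidated re-issue that supersedes earlier state. The following is an added example of how an RP could model that combination; it is not code from the draft or from any RP implementation. The object layout (per-TA holdings of prefixes and inclusive AS ranges, a serial on every distribution object and transfer), the TA names ta-a and ta-b, and all resource values are constructed for illustration, and signature verification is assumed to have happened before these objects are consumed.

```python
"""RP-side model of Trust Anchor constraints (added illustration, assumed layout).

Holdings are kept per TA as IP prefixes and inclusive AS ranges; distribution
objects and transfers carry serials; signatures are assumed already verified."""
import ipaddress

# Constructed sample data: two hypothetical TAs, "ta-a" and "ta-b".
SNAPSHOTS = [
    {"serial": 1, "holdings": {
        "ta-a": {"prefixes": ["192.0.2.0/24", "2001:db8::/32"], "asns": [(64496, 64499)]},
        "ta-b": {"prefixes": ["198.51.100.0/24"], "asns": [(64500, 64510)]},
    }},
    # Periodic consolidated re-issue: already reflects transfer serial 2 below.
    {"serial": 3, "holdings": {
        "ta-a": {"prefixes": ["192.0.2.0/25", "2001:db8::/32"], "asns": [(64496, 64497)]},
        "ta-b": {"prefixes": ["198.51.100.0/24", "192.0.2.128/25"],
                 "asns": [(64500, 64510), (64498, 64499)]},
    }},
]
# Transfers are signed by source and recipient only (signatures assumed checked).
TRANSFERS = [
    {"serial": 2, "from": "ta-a", "to": "ta-b", "prefixes": ["192.0.2.128/25"], "asns": [(64498, 64499)]},
    {"serial": 4, "from": "ta-b", "to": "ta-a", "prefixes": ["198.51.100.0/25"], "asns": []},
]

def _covers(held, net):
    """True if some held prefix of the same IP version contains `net`."""
    return any(h.version == net.version and net.subnet_of(h) for h in held)

def _remove_prefix(held, net):
    """Subtract `net` from the held prefixes, splitting a covering block if needed."""
    out = []
    for h in held:
        if h.version == net.version and net.subnet_of(h):
            out.extend(h.address_exclude(net))  # yields nothing when h == net
        else:
            out.append(h)
    return out

def _remove_asns(held, rng):
    """Subtract the inclusive AS range `rng` from a list of inclusive ranges."""
    lo, hi = rng
    out = []
    for a, b in held:
        if hi < a or lo > b:       # disjoint: keep whole
            out.append((a, b))
            continue
        if a < lo:                 # keep the part below the removed range
            out.append((a, lo - 1))
        if hi < b:                 # keep the part above it
            out.append((hi + 1, b))
    return out

def effective_holdings(snapshots, transfers):
    """Latest consolidated distribution plus only the transfers issued after it."""
    latest = max(snapshots, key=lambda s: s["serial"])
    holdings = {ta: {"prefixes": [ipaddress.ip_network(p) for p in h["prefixes"]],
                     "asns": [tuple(r) for r in h["asns"]]}
                for ta, h in latest["holdings"].items()}
    for t in sorted(transfers, key=lambda t: t["serial"]):
        if t["serial"] <= latest["serial"]:
            continue  # already folded into the snapshot; replaying it would fail
        src = holdings[t["from"]]
        dst = holdings.setdefault(t["to"], {"prefixes": [], "asns": []})
        for p in t["prefixes"]:
            net = ipaddress.ip_network(p)
            if not _covers(src["prefixes"], net):  # source must actually hold it
                raise ValueError(f"transfer {t['serial']}: {t['from']} does not hold {net}")
            src["prefixes"] = _remove_prefix(src["prefixes"], net)
            dst["prefixes"].append(net)
        for lo, hi in t["asns"]:
            if not any(a <= lo and hi <= b for a, b in src["asns"]):
                raise ValueError(f"transfer {t['serial']}: {t['from']} does not hold AS{lo}-AS{hi}")
            src["asns"] = _remove_asns(src["asns"], (lo, hi))
            dst["asns"].append((lo, hi))
    return holdings

def find_overlaps(holdings):
    """Resources claimed by two TAs at once; a consistent distribution yields []."""
    conflicts, tas = [], sorted(holdings)
    for i, x in enumerate(tas):
        for y in tas[i + 1:]:
            for p in holdings[x]["prefixes"]:
                for q in holdings[y]["prefixes"]:
                    if p.version == q.version and p.overlaps(q):
                        conflicts.append((x, y, str(p), str(q)))
            for a in holdings[x]["asns"]:
                for b in holdings[y]["asns"]:
                    if a[0] <= b[1] and b[0] <= a[1]:
                        conflicts.append((x, y, a, b))
    return conflicts

def claims_outside_constraint(holdings, ta, prefixes, asns):
    """Resources a certificate under `ta` claims that `ta` is not authoritative for."""
    held, bad = holdings[ta], []
    for p in prefixes:
        net = ipaddress.ip_network(p)
        if not _covers(held["prefixes"], net):
            bad.append(str(net))
    for lo, hi in asns:
        if not any(a <= lo and hi <= b for a, b in held["asns"]):
            bad.append((lo, hi))
    return bad
```

The serial gate in effective_holdings is where the periodic consolidation pays off: a transfer older than the newest distribution object is ignored, so a mistaken transfer record stops influencing validation as soon as a corrected consolidated object is issued. Replaying all transfers from the first object and applying only the later ones to the consolidated object should agree; if they do not, the RP has found exactly the kind of discrepancy the review step is meant to surface. The actual encoding and the precise semantics of the signed objects are for the draft to define.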


The protocol also lines up with the RIR governance requirements being set out in the ICP-2 update process. It is not tied to the RIRs: any group of organizations that operate RPKI TAs can use the same mechanism. Overlapping claims between TAs are confined to the window of a transfer itself, so resources can move between TAs without disrupting validation for the prefixes and AS numbers involved, which matters for the stability of global routing.

Community Engagement and Next Steps


The draft specification is open for review. Anyone with a stake in RPKI is encouraged to read it, join the sidrops mailing list, and bring comments to the upcoming session. Refining the document through that review is how it will come to satisfy both the technical and the governance requirements placed on it.

The RPKI Trust Anchor Constraints work closes a gap that has been open since RPKI was deployed: an explicit, verifiable statement of which TA may speak for which resources. Reaching consensus on it among the RIRs, RP implementers and operators is a concrete step toward safer governance of global internet number resources.
