RIPE NCC tightens IP resource certification

Dan Worth

The Ripe Network Coordination Centre (RIPE NCC) is to offer a new form of resource certification to prove that internet resources controlled by its members have been officially registered by the organisation.

The move means that anyone requesting IP addresses or autonomous system numbers from RIPE NCC will be able to generate a resource certificate based on the Public Key Infrastructure principle.

RIPE NCC claimed that this will facilitate automated checking of resource registration information to offer a dependable, transparent and standardised means of certification that all five Regional Internet Registries will use.

Andrew de la Haye, chief operations officer at RIPE NCC, told that the new system had been developed over a number of years in collaboration with RIPE NCC members, and will bring several key benefits.

"It allows a resource holder to automatically [identify] the holder of a certain IP range, and verify the legitimacy of any claims being made by other organisations that you can route traffic through a certain range," he said.

"The system has been created due to the evolution of technology that has allowed us to build it around robust standards, and is already in use among some ISPs.

The initiative also has the backing of major groups like the European Telecommunications Network Operators' Association, he explained.

De la Haye noted that such a system would have prevented mistakes such as Pakistan Telecom accidentally giving out an IP range that belonged to YouTube, knocking the video site offline worldwide in 2008.

A similar problem occurred last year when China Telecom accidentally redirected traffic from 15 per cent of the world's networks through its servers for 18 minutes.

RIPE NCC also said that router manufacturers are planning to incorporate resource certification into their products in an effort to ensure that route verification and filtering can be carried out in the hardware itself.