Raytheon BBN Technologies is pleased to present the open-source Relying Party Security Technology for Internet Routing (RPSTIR, pronounced rip-ster). RPSTIR helps network operators detect and reject most false route origin advertisements, thus reducing the likelihood of Internet address space hijacking. By using the global Resource Public Key Infrastructure (RPKI), RPSTIR securely generates a list of authorized route origins and provides it to routers, thereby enabling the routers to detect false origin announcements due to errors by network operators, e.g., the Pakistan Telecom hijack of YouTube address space. In addition to enabling network operators to utilize RPKI data, RPSTIR also provides fine-grained diagnostic tools for those who publish authoritative RPKI data.
As an open-source software project, all companies are free to modify RPSTIR to suit their individual needs or incorporate it into other products.
* Fine-grained ASN.1-level diagnostics for debugging RPKI repositories
* Both RPSL and diagnostic output
* Top-down and bottom-up certification path discovery
* Flexible database architecture
* Efficient parallel download of RPKI objects
* Local Trust Anchor functionality for mitigation against CA errors
* RTR server implementation
The Resource Public Key Infrastructure (RPKI) is being standardized in an ongoing effort at the IETF in the sidr working group.