Limiting the Power of RPKI Authorities

Although Resource Public Key Infrastructure (RPKI) is critical for securing the inter-domain routing, one of the arguments hindering its adoption is the significant power that it provides to the Regional Internet Registries (RIRs), allowing prefix takedowns. In this work, we propose a small change to RPKI to distribute the power of RIRs preventing any single one of them from taking down a prefix. We design and implement a distributed RPKI system that relies on threshold signatures. This ensures that any change to the RPKI certificates requires a joint action by a number of RIRs, avoiding unilateral IP address takedowns. We evaluate the performance of our design and use historic RPKI data to analyse its performance and efficiency.