| Abstract | The Resource Public Key Infrastructure (RPKI) was standardized to add cryptographic security to Internet routing. With over 50% of announced BGP prefixes protected with RPKI today, the protocol already impacts significant parts of Internet traffic. In addition to its growing adoption, there is also increasing political interest in RPKI. The White House indicated in its Roadmap to Enhance Internet Routing Security, on September 4, 2024, that RPKI is a mature and readily available technology for securing inter-domain routing. The Roadmap attributes the main obstacles toward wide adoption of RPKI to a lack of understanding, lack of prioritization, and administrative barriers. This article presents the first comprehensive study of the maturity of RPKI as a viable, production-grade technology. We find that current RPKI implementations still lack production-grade resilience and are plagued by software vulnerabilities, inconsistent specifications, and operational challenges, raising significant security concerns. The deployments lack experience with full-fledged, strict RPKI validation in production environments and operate in fail-open mode. We provide recommendations to improve RPKI resilience and guide stakeholders in securing their deployments against current and emerging threats. The numerous issues we have discovered with the current RPKI specifications and implementations inevitably lead to the question: Is RPKI sufficiently stable to align with the expectations outlined in the White House roadmap? Like other Internet technologies, RPKI is not perfect. But is it "good enough"? The answer, as we will explore, varies depending on one’s viewpoint. |
|---|