A High Performance Software Architecture for a Secure Internet Routing PKI

A PKI in support of secure Internet routing was first proposed in [1] and refined in later papers, e.g., [2]. In this “Resource” PKI (RPKI) the resources managed are IP address allocations and Autonomous System number (AS #) assignments. The RPKI presents a very different implementation challenge from a typical PKI,in that in the RPKI every relying party needs to validate every certificate and CRL at fairly frequent intervals (e.g., daily). In a fully deployed RPKI there will be several hundred thousand digital objects that require validation, so performance is a critical issue for any software implementation. This paper describes the software developed by BBN for use by relying parties in the RPKI, with a special focus on the means and methods used to realize a high performance design. Theoretical discussions are augmented with actual performance data. Highly favorable performance statistics for the BBN approach are concretely demonstrated.