Updating the ARIN RPKI Trust Anchor Locator (TAL)
On 16 January 2025, we announced an update to the ARIN Trust Anchor Locator (TAL) executed to ensure compatibility with Resource Public Key Infrastructure (RPKI) validators. For more details on that update* you can view the announcement. But you might be asking yourself: “What is a Trust Anchor and how does this change impact me?” Let me explain.
What is a Trust Anchor?
Amongst the Internet standards community, a Trust Anchor is simply defined as “an authoritative entity represented by a public key and associated data” (RFC 5914). The authoritative entity could be a person, or organization, who begins the validation of an authorized process or authorized (signed) package. The trust anchor can be just a public key used for validating a certification authority (CA), a signed software package, or key. If you’re still unsure why you need to know what a Trust Anchor is and why ARIN’s announcement matters for you, keep reading as we dive deeper.
Routing Security and the Resource Public Key Infrastructure
If you are involved with the operations of an Internet-connected network, maintaining stable connectivity and security of your route announcements and data is at the top of your priorities list. There is constant messaging in the networking community that routing security is a group effort. Network operators with IP prefixes visible on the Internet need to do their part for the benefit of all global networking. The tool at the forefront of this effort is RPKI. RPKI uses the same technology of Trust Anchors, CAs, and cryptographic keys to help secure global routing.
As the Trust Anchor (aka the authoritative entity) for all the Internet number resources (prefixes and Autonomous System Numbers) in its registry, ARIN has the responsibility to respond to requests to validate the signed processes or packages referencing those resources. These requests and responses are critical to the functionality of RPKI. How do the users of RPKI know how to find the information in ARIN’s RPKI repository? They use the ARIN TAL. That’s why it’s important you know about the recent changes to this tool.
Do I need to do anything?
Remember how we said the changes were made to ensure compatibility with RPKI validators? Validators are the components of RPKI that seek to pull data from the ARIN RPKI repository. If your validator is not configured with the ARIN TAL you can’t take advantage of the benefits of RPKI for resources in the ARIN repository. To ensure you’re set up for this, confirm that you have the ARIN TAL installed. If not, visit the TAL page of our website for the download link and start taking advantage of RPKI’s routing security features!
*ARIN would like to acknowledge Job Snijders for his invaluable input, cooperation, and time in assisting with the update of the ARIN TAL. Job has provided ARIN solid feedback on our Internet Routing Registry and RPKI services over time.
Recent blogs categorized under: Updates
GET THE LATEST!
Sign up to receive the latest news about ARIN and the most pressing issues facing the Internet community.
SIGN ME UP →Blog Categories
Updates • RPKI • Tips • Fellowship Program • Caribbean • ARIN Bits • Grant Program • IPv6 • Business Case for IPv6 • Internet Governance • Public Policy • Elections • Outreach • Training • IPv4 • Security • Data Accuracy • Customer Feedback • IRR
