The pilot aims to provide increased value to ISPs by issuing certificates based on public key cryptography. Public keys are widely distributed but private keys are secret -- messages are encrypted with the public key and can only be decrypted with the private key to ensure confidentiality. AfricNIC officials discussed the project last week at the AfriNIC-12 Public Policy Meeting in Kigali, Rwanda.
"The RPKI process allows AfriNIC members to manage Route Origin Authorizations (ROAs) for their address space; (it) provides a public repository of certificates, where people can confirm validity and who owns what," said Alain Aina, special projects manager at AfriNIC, during the Kigali meeting.
Electronic commerce and credit card use online have failed to take off on the continent outside South Africa mainly because of a lack of national laws that govern electronic commerce and data protection. Most countries have no laws that address theft of electronic data or theft of credit card information.
Lack of security and authenticity of online resources has been blamed for the lack of trust. Spam and IP hijacking is increasingly becoming a reality as the region becomes more connected.
"The certificates will facilitate better routing security, guard against IP space hijacking, spam and address the need for trusted data for ISPs and eventually end users," added Aina.
The project will involve investment in infrastructure, servers and an RPKI engine. AfriNIC members have yet to decide whether the registry should offer the services as a free value-add, or whether ISPs should pay extra for them.
"AfriNIC can host the infrastructure for members, where they can connect and enjoy the benefits. If you ask people to invest, they may not be [attracted] to the idea; the more you do for members in the beginning the better," said Nii Quaynor, a member of Africa Network Operators Group (AfNOG).
There is no guarantee that member ISPs will seek certification, especially if there is no requirement that ISPs peer with each other.
Other challenges that AfriNIC is likely to face involve dealing with governments and addressing the thorny issue of sovereignty. Most governments get jittery when a separate entity tackles security issues, especially when dealing with e-government transactions.
"Governments have been used to a different way of doing things," said Adiel Akplogan, CEO of AfriNIC. "The Internet changes that because its decentralized, but this doesn't mean its uncontrollable and we are working with governments to address the concerns."
Most governments in Africa prefer dealing with the ITU because it is intergovernmental, and have not yet fully embraced the authority of ICANN on the Internet.
---
Autor(en)/Author(s): Rebecca Wanjiku
Quelle/Source: Computerworld Kenya, 07.06.2010
Bitte besuchen Sie/Please visit:
