Paper 2016/1015

MaxLength Considered Harmful to the RPKI

Yossi Gilad, Omar Sagga, and Sharon Goldberg


User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI) [8], a security infrastructure built on top of interdomain routing, is not exempt from this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. However, we argue that the maxLength attribute strikes the wrong balance between security and user convenience. In particular, we argue that maxLength is commonly configured in a manner that either obviates the security benefits provided by the RPKI or causes legitimate routes to appear invalid, without providing performance improvements. Therefore, we argue that the maxLength attribute should be eliminated from the RPKI.

Publication info
Preprint. Minor revision.
Routing security, public key infrastructure
Contact author(s)
yossig2 @ gmail com
2017-11-04: last of 8 revisions
2016-10-27: received
Creative Commons Attribution


      author = {Yossi Gilad and Omar Sagga and Sharon Goldberg},
      title = {MaxLength Considered Harmful to the RPKI},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1015},
      year = {2016},
      note = {\url{}},
      url = {}