Despite writing web applications many engineers are not familiar with the infrastructure side of the internet - DNS, BGP, TCP/IP - and yet depend on it all working. Over the years I’ve gotten a better understanding of the guts of the internet but only in the past few weeks have I discovered Resource Public Key Infrastructure (RPKI) on top of BGP. RPKI is meant to add a layer of trust on top of the existing infrastructure which was designed many decades ago without worrying about malicious actors.
A simple way to view it is to imagine various entities broadcasting routes between IP addresses. So long as everyone is honest the system works and traffic is routed in near-optimal ways. But a malicious actor can broadcast incorrect routes which can then be naively followed. RPKI simply adds authority/trust to these broadcasts so routes cannot simply be hijacked.
This mirrors recent trends in adtech that aim to improve transparency and honesty - for example sellers.json and ads.txt. Similar to RPKI they give the various players in the adtech ecosystem information around the legitimacy of what they’re buying or selling. For example, a website will maintain an ads.txt file (NY Times example) that lists legitimate sellers of their ad inventory and the way those ads are represented in the market. Similarly, an ad exchange will host a sellers.json file (TripleLift example) that contains the set of publishers that they represent. A buyer can reference both of these to confirm that the ad request they are seeing is legitimate.
Both BGP and adtech suffer from system that were built around trust so it shouldn’t be surprising that they came up with similar solutions but it’s yet another reminder of how connected the modern internet is.