[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ncc-services-wg] RPKI Resource Certification: building features

Subject: [ncc-services-wg] RPKI Resource Certification: building features
From: randy at psg.com (Randy Bush)
Date: Mon, 04 Oct 2010 11:26:27 +0900
In-reply-to: <[email protected]>
References: <[email protected]>

> Do you think there is value in creating a system like this?

yes.  though, given issues of errors and deliberate falsifications, i am
not entirely comfortable with the whois/bgp combo being considered
formally authoritative.  but we have to do something.

> Are there any glaring holes that I missed

yes.  the operator should be able to hold the private key to their
certificate(s) or the meaning of 'private key' and the security
structure of the [ripe part of the] rpki is a broken.

randy

Follow-Ups:
- [ncc-services-wg] RPKI Resource Certification: building features
  - From: owen at delong.com (Owen DeLong)

Prev by Date: closing 'lazy mans NW research"
Next by Date: [ncc-services-wg] RPKI Resource Certification: building features
Previous by thread: closing 'lazy mans NW research"
Next by thread: [ncc-services-wg] RPKI Resource Certification: building features
Index(es):
- Date
- Thread