[130451] in North American Network Operators' Group


Re: [ncc-services-wg] RPKI Resource Certification: building features

daemon@ATHENA.MIT.EDU (Randy Bush)
Sun Oct 3 22:26:50 2010

Date: Mon, 04 Oct 2010 11:26:27 +0900
From: Randy Bush <randy@psg.com>
To: Alex Band <alexb@ripe.net>
In-Reply-To: <AA34FDBC-D88B-41D8-8ED2-794555D02D4F@ripe.net>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> Do you think there is value in creating a system like this?

yes.  though, given issues of errors and deliberate falsifications, i am
not entirely comfortable with the whois/bgp combo being considered
formally authoritative.  but we have to do something.

> Are there any glaring holes that I missed

yes.  the operator should be able to hold the private key to their
certificate(s) or the meaning of 'private key' and the security
structure of the [ripe part of the] rpki is broken.

randy

