[135866] in North American Network Operators' Group
Re: [arin-announce] ARIN Resource Certification Update
daemon@ATHENA.MIT.EDU (sthaug@nethelp.no)
Sun Jan 30 11:29:24 2011
Date: Sun, 30 Jan 2011 17:28:04 +0100 (CET)
To: owen@delong.com
From: sthaug@nethelp.no
In-Reply-To: <08F0D3DD-D527-4A55-96AB-B414EE49342F@delong.com>
Cc: nanog@nanog.org, carlos@lacnic.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> > - Hosted solutions offer a low barrier entry to smaller organizatio=
ns
> > who simply cannot develop their own PKI infrastructure. This is the=
> > case where they also lack the organizational skills to properly man=
age
> > the keys themselves, so, in most cases at least, they are *better o=
ff*
> > with a hosted solution
> > =
> They also offer an attractive target for miscreants with a huge payof=
f
> if they are ever compromised.
...
> > For RIPE, their hosted solution is clearly meeting expectations wit=
hin
> > their region. Other region=B4s mileage may vary. I hope we (LACNIC)=
can
> > do just as well.
> > =
> We'll see how people feel after the first time it gets pwn3d.
I am already trusting RIPE with my data - specifically, RIPE publishes
route objects for my prefixes, and my transit providers generate their
prefix lists based on these route objects. I fail to see how a hosted
RPKI solution would make this situation worse.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
