[45038] in North American Network Operators' Group
Re: SSL for IRR queries?
daemon@ATHENA.MIT.EDU (Jake Khuon)
Fri Jan 11 15:49:28 2002
Message-Id: <200201112047.g0BKlVv7000859@llama.wooj.com>
From: "Jake Khuon" <khuon@NEEBU.Net>
To: Tony Tauber <ttauber@genuity.net>
Cc: nanog@merit.edu
In-reply-to: Tony Tauber's message of Fri, 11 Jan 2002 14:45:35 -0500.
<Pine.GSO.4.40.0201111429310.5399-100000@mesa.bbnplanet.com>
Reply-To: khuon@NEEBU.Net (Jake Khuon)
Date: Fri, 11 Jan 2002 12:47:30 -0800
Errors-To: owner-nanog-outgoing@merit.edu
### On Fri, 11 Jan 2002 14:45:35 -0500 (EST), Tony Tauber
### <ttauber@genuity.net> casually decided to expound upon nanog@merit.edu
### the following thoughts about "SSL for IRR queries?":
TT> If there's a desire to trust information garnered
TT> from the Internet Routing Registry (eg. RADB, RIPE),
TT> it would seem that one would like a way to verify
TT> the server responding to queries.
There is implimentation work being done for rps-auth (RFC2725) by RIPE,
Merit and others I believe. This should ensure authenticated integrity of
the data. If it's query-time man-in-the-middle type attacks one is worried
about then an implimentation of rps-dist (RFC2769) addresses that issue
which I believe is being done by RIPE, Merit and others as well. I had
heard it was moved to a lower priority than implimenting rps-auth however.
Perhaps someone from the RIPE db-wg could comment.
--
/*===================[ Jake Khuon <khuon@NEEBU.Net> ]======================+
| Packet Plumber, Network Engineers /| / [~ [~ |) | | --------------- |
| for Effective Bandwidth Utilisation / |/ [_ [_ |) |_| N E T W O R K S |
+=========================================================================*/
