[86951] in North American Network Operators' Group

Re: BGP Security and PKI Hierarchies (was: Re: Wifi Security)

daemon@ATHENA.MIT.EDU (George Michaelson)
Wed Nov 23 21:54:57 2005

Date: Thu, 24 Nov 2005 12:54:28 +1000
From: George Michaelson <ggm@apnic.net>
To: Randy Bush <randy@psg.com>
Cc: nanog@nanog.org
In-Reply-To: <17285.10191.239890.971388@roam.psg.com>
Errors-To: owner-nanog@merit.edu


On Wed, 23 Nov 2005 16:39:11 -1000
Randy Bush <randy@psg.com> wrote:

> >> [0] - i'll want the business cert to have the ca bit if i am
> >>       large enough to have internal authorization process, and
> >>       thus want to create and manage different certs for dns,
> >>       billing, ...
> > 
> > We are discussing how we can do subsidiary certificate services like
> > this in APNIC but I think this goes outside of routing policy and
> > into registry business practices which are unlikely to be common
> > for all RIR and NIR in the ways that resource certificates *have*
> > to be.
> 
> if it is not common across registries, and if my certs do not
> work across registries, then something is very very broken,
> and a major pita at the isps', aka your members', expense.
> 
> randy

If you want to see member-certificates which gate access to RIR/NIR
specific services common across all registries, I think you want to get
that onto an RIR meeting agenda, Randy.

We currently have no cross-certification activity in member identity.

cheers

-George
