[96221] in North American Network Operators' Group
Re: BGP certificate insanity was: (DHS insanity - offtopic)
daemon@ATHENA.MIT.EDU (Joe Abley)
Tue Apr 24 05:33:40 2007
In-Reply-To: <D03E4899F2FB3D4C8464E8C76B3B68B03BE827@E03MVC4-UKBR.domain1.systemhost.net>
Cc: <nanog@merit.edu>
From: Joe Abley <jabley@ca.afilias.info>
Date: Tue, 24 Apr 2007 10:30:35 +0100
To: <michael.dillon@bt.com>
Errors-To: owner-nanog@merit.edu
On 24-Apr-2007, at 10:15, <michael.dillon@bt.com> wrote:
>> You might try taking a look at the various presentations at
>> NANOG/RIPE/ARIN/
>> APNIC/APRICOT about the whole idea. Central point: the
>> entity that gives
>> you a suballocation of its own address space signs something
>> that says you
>> now hold it.
>
> If the whois directories actually operated under some set of
> guidelines
> defining their purpose and scope which was enforced by the directory
> publishers, then there would be no need for this certificate nonsense.
How can anybody be sure that the random peering tech they are talking
to really works for the organisation listed in the whois record? By
visual inspection of the e-mail address? A faxed LOA on company
letterhead?
Given a polished toolset, I'd take a signed ROA over any of those.
Joe
